USN-4209-1

Details

Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operations when used in conjunction with AUFS. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15794)

It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746)

It was discovered that there was a memory leak in the Advanced Buffer Management functionality of the Netronome NFP4000/NFP6000 NIC Driver in the Linux kernel during certain error scenarios. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19076)

Affected Packages

Ubuntu:18.04:LTSlinux-aws-5.0

Fixed in:

5.0.0-1022.25~18.04.1

Ubuntu:18.04:LTSlinux-gcp

Fixed in:

5.0.0-1026.27~18.04.1

Ubuntu:18.04:LTSlinux-gke-5.0

Fixed in:

5.0.0-1026.27~18.04.2

Ubuntu:18.04:LTSlinux-hwe

Fixed in:

5.0.0-37.40~18.04.1

Ubuntu:18.04:LTSlinux-oem-osp1

Fixed in:

5.0.0-1030.34

Ubuntu:18.04:LTSlinux-oracle-5.0

Fixed in:

5.0.0-1008.13~18.04.1

References

REPORThttps://ubuntu.com/security/CVE-2019-15794 REPORThttps://ubuntu.com/security/CVE-2019-16746 REPORThttps://ubuntu.com/security/CVE-2019-19076 ADVISORYhttps://ubuntu.com/security/notices/USN-4209-1

USN-4209-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline