USN-4254-1

Details

It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615)

It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683)

It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2019-18885)

It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057)

It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19062)

It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063)

Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227)

It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332)

It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291)

Affected Packages

Ubuntu:16.04:LTSlinux

Fixed in:

4.4.0-173.203

Ubuntu:16.04:LTSlinux-aws

Fixed in:

4.4.0-1101.112

Ubuntu:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1065.72

Ubuntu:16.04:LTSlinux-raspi2

Fixed in:

4.4.0-1128.137

Ubuntu:16.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1132.140

References

REPORThttps://ubuntu.com/security/CVE-2019-14615 REPORThttps://ubuntu.com/security/CVE-2019-15291 REPORThttps://ubuntu.com/security/CVE-2019-18683 REPORThttps://ubuntu.com/security/CVE-2019-18885 REPORThttps://ubuntu.com/security/CVE-2019-19057 REPORThttps://ubuntu.com/security/CVE-2019-19062 REPORThttps://ubuntu.com/security/CVE-2019-19063 REPORThttps://ubuntu.com/security/CVE-2019-19227 REPORThttps://ubuntu.com/security/CVE-2019-19332 ADVISORYhttps://ubuntu.com/security/notices/USN-4254-1

USN-4254-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline