USN-4302-1

Details

Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. (CVE-2020-2732)

Gregory Herrero discovered that the fix for CVE-2019-14615 to address the Linux kernel not properly clearing data structures on context switches for certain Intel graphics processors was incomplete. A local attacker could use this to expose sensitive information. (CVE-2020-8832)

It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19046)

It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19051)

It was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19056)

It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19058)

It was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19066)

It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19068)

It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217)

Affected Packages

Ubuntu:16.04:LTSlinux-aws-hwe

Fixed in:

4.15.0-1063.67~16.04.1

Ubuntu:16.04:LTSlinux-azure

Fixed in:

4.15.0-1075.80

Ubuntu:16.04:LTSlinux-gcp

Fixed in:

4.15.0-1058.62

Ubuntu:16.04:LTSlinux-hwe

Fixed in:

4.15.0-91.92~16.04.1

Ubuntu:16.04:LTSlinux-oracle

Fixed in:

4.15.0-1035.38~16.04.1

Ubuntu:18.04:LTSlinux

Fixed in:

4.15.0-91.92

Ubuntu:18.04:LTSlinux-aws

Fixed in:

4.15.0-1063.67

Ubuntu:18.04:LTSlinux-gke-4.15

Fixed in:

4.15.0-1055.58

Ubuntu:18.04:LTSlinux-kvm

Fixed in:

4.15.0-1056.57

Ubuntu:18.04:LTSlinux-oem

Fixed in:

4.15.0-1076.86

Ubuntu:18.04:LTSlinux-oracle

Fixed in:

4.15.0-1035.39

Ubuntu:18.04:LTSlinux-raspi2

Fixed in:

4.15.0-1057.61

Ubuntu:18.04:LTSlinux-snapdragon

Fixed in:

4.15.0-1074.81

Ubuntu:Pro:14.04:LTSlinux-azure

Fixed in:

4.15.0-1074.79~14.04.1

References

REPORThttps://ubuntu.com/security/CVE-2019-15217 REPORThttps://ubuntu.com/security/CVE-2019-19046 REPORThttps://ubuntu.com/security/CVE-2019-19051 REPORThttps://ubuntu.com/security/CVE-2019-19056 REPORThttps://ubuntu.com/security/CVE-2019-19058 REPORThttps://ubuntu.com/security/CVE-2019-19066 REPORThttps://ubuntu.com/security/CVE-2019-19068 REPORThttps://ubuntu.com/security/CVE-2020-2732 REPORThttps://ubuntu.com/security/CVE-2020-8832 ADVISORYhttps://ubuntu.com/security/notices/USN-4302-1

USN-4302-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline