USN-4526-1

Details

It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-18808)

It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19054)

It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19061)

It was discovered that the AMD Audio Coprocessor driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion). (CVE-2019-19067)

It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19073, CVE-2019-19074)

It was discovered that the F2FS file system in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of- bounds read. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-9445)

It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12888)

It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2020-14356)

It was discovered that the state of network RNG in the Linux kernel was potentially observable. A remote attacker could use this to expose sensitive information. (CVE-2020-16166)

Affected Packages

Ubuntu:16.04:LTSlinux-aws-hwe

Fixed in:

4.15.0-1083.87~16.04.1

Ubuntu:16.04:LTSlinux-azure

Fixed in:

4.15.0-1096.106~16.04.1

Ubuntu:16.04:LTSlinux-gcp

Fixed in:

4.15.0-1084.95~16.04.1

Ubuntu:16.04:LTSlinux-hwe

Fixed in:

4.15.0-118.119~16.04.1

Ubuntu:16.04:LTSlinux-oracle

Fixed in:

4.15.0-1054.58~16.04.1

Ubuntu:18.04:LTSlinux

Fixed in:

4.15.0-118.119

Ubuntu:18.04:LTSlinux-aws

Fixed in:

4.15.0-1083.87

Ubuntu:18.04:LTSlinux-azure-4.15

Fixed in:

4.15.0-1096.106

Ubuntu:18.04:LTSlinux-gcp-4.15

Fixed in:

4.15.0-1084.95

Ubuntu:18.04:LTSlinux-gke-4.15

Fixed in:

4.15.0-1070.73

Ubuntu:18.04:LTSlinux-kvm

Fixed in:

4.15.0-1075.76

Ubuntu:18.04:LTSlinux-oem

Fixed in:

4.15.0-1097.107

Ubuntu:18.04:LTSlinux-oracle

Fixed in:

4.15.0-1054.58

Ubuntu:18.04:LTSlinux-raspi2

Fixed in:

4.15.0-1071.75

Ubuntu:18.04:LTSlinux-snapdragon

Fixed in:

4.15.0-1087.95

Ubuntu:Pro:14.04:LTSlinux-azure

Fixed in:

4.15.0-1096.106~14.04.1

References

USN-4526-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline