USN-4094-1
Vulnerability Summary
Description
linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053)

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093)

Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615)

Wen Xu and Po-Ning Tseng discovered that the btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609)

Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617)

Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862)

Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169)

It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856)

Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125)

It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)

It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818)

It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819)

It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)

Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)

Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)

It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024)

It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101)

It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)

It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511)
Affected Systems
- ubuntu•linux: < 4.15.0-58.64
- ubuntu•linux-azure: < 4.15.0-1055.60
- ubuntu•linux-gcp: < 4.15.0-1040.42~16.04.1 | < 4.15.0-1040.42
- ubuntu•linux-gke-4.15: < 4.15.0-1040.42
- ubuntu•linux-hwe: < 4.15.0-58.64~16.04.1
- ubuntu•linux-kvm: < 4.15.0-1042.42
- ubuntu•linux-oem: < 4.15.0-1050.57
- ubuntu•linux-oracle: < 4.15.0-1021.23~16.04.1 | < 4.15.0-1021.23
- ubuntu•linux-raspi2: < 4.15.0-1043.46
- ubuntu•linux-snapdragon: < 4.15.0-1060.66
References (33)
- https://ubuntu.com/security/notices/USN-4094-1
- https://ubuntu.com/security/CVE-2018-5383
- https://ubuntu.com/security/CVE-2018-13053
- https://ubuntu.com/security/CVE-2018-13093
- https://ubuntu.com/security/CVE-2018-13096
- https://ubuntu.com/security/CVE-2018-13097
- https://ubuntu.com/security/CVE-2018-13098
- https://ubuntu.com/security/CVE-2018-13099
- https://ubuntu.com/security/CVE-2018-13100
- https://ubuntu.com/security/CVE-2018-14609
- https://ubuntu.com/security/CVE-2018-14610
- https://ubuntu.com/security/CVE-2018-14611
- https://ubuntu.com/security/CVE-2018-14612
- https://ubuntu.com/security/CVE-2018-14613
- https://ubuntu.com/security/CVE-2018-14614
- https://ubuntu.com/security/CVE-2018-14615
- https://ubuntu.com/security/CVE-2018-14616
- https://ubuntu.com/security/CVE-2018-14617
- https://ubuntu.com/security/CVE-2018-16862
- https://ubuntu.com/security/CVE-2018-20169
- https://ubuntu.com/security/CVE-2018-20511
- https://ubuntu.com/security/CVE-2018-20856
- https://ubuntu.com/security/CVE-2019-1125
- https://ubuntu.com/security/CVE-2019-2024
- https://ubuntu.com/security/CVE-2019-2101
- https://ubuntu.com/security/CVE-2019-3846
- https://ubuntu.com/security/CVE-2019-10126
- https://ubuntu.com/security/CVE-2019-12614
- https://ubuntu.com/security/CVE-2019-12818
- https://ubuntu.com/security/CVE-2019-12819
- https://ubuntu.com/security/CVE-2019-12984
- https://ubuntu.com/security/CVE-2019-13233
- https://ubuntu.com/security/CVE-2019-13272