USN-4145-1
Vulnerability Summary
Description
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2016-10905)

It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket options in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18509)

It was discovered that the USB gadget Midi driver in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-20961)

It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20976)

It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136)

It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)

It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)

It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631)

It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211)

It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215)

It was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2019-15926)
Affected Systems
- ubuntu•linux < 4.4.0-165.193
- ubuntu•linux-aws < 4.4.0-1095.106
- ubuntu•linux-kvm < 4.4.0-1059.66
- ubuntu•linux-raspi2 < 4.4.0-1123.132
- ubuntu•linux-snapdragon < 4.4.0-1127.135
References (12)
- https://ubuntu.com/security/notices/USN-4145-1
- https://ubuntu.com/security/CVE-2016-10905
- https://ubuntu.com/security/CVE-2017-18509
- https://ubuntu.com/security/CVE-2018-20961
- https://ubuntu.com/security/CVE-2018-20976
- https://ubuntu.com/security/CVE-2019-0136
- https://ubuntu.com/security/CVE-2019-10207
- https://ubuntu.com/security/CVE-2019-11487
- https://ubuntu.com/security/CVE-2019-13631
- https://ubuntu.com/security/CVE-2019-15211
- https://ubuntu.com/security/CVE-2019-15215
- https://ubuntu.com/security/CVE-2019-15926