USN-4254-1
Vulnerability Summary
Timeline
Description
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683) It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2019-18885) It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057) It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19062) It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063) Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332) It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291)
Affected Systems
- ubuntu•linux
< 4.4.0-173.203
- ubuntu•linux-aws
< 4.4.0-1101.112
- ubuntu•linux-kvm
< 4.4.0-1065.72
- ubuntu•linux-raspi2
< 4.4.0-1128.137
- ubuntu•linux-snapdragon
< 4.4.0-1132.140
References (10)
- https://ubuntu.com/security/notices/USN-4254-1
- https://ubuntu.com/security/CVE-2019-14615
- https://ubuntu.com/security/CVE-2019-15291
- https://ubuntu.com/security/CVE-2019-18683
- https://ubuntu.com/security/CVE-2019-18885
- https://ubuntu.com/security/CVE-2019-19057
- https://ubuntu.com/security/CVE-2019-19062
- https://ubuntu.com/security/CVE-2019-19063
- https://ubuntu.com/security/CVE-2019-19227
- https://ubuntu.com/security/CVE-2019-19332