USN-4301-1

Advisory lineage Upstream: 16 Downstream: 0
Published: 25 Mar 2020, 01:39
Last modified:03 Jun 2026, 14:03

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

25 Mar 2020, 01:39
Published
Vulnerability first disclosed
03 Jun 2026, 14:03
Last Modified
Vulnerability information updated

Description

linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-azure vulnerabilities It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information (read memory from another guest VM). (CVE-2019-3016) Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. (CVE-2020-2732) It was discovered that the RPMSG character device interface in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19053) It was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19056) It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19058, CVE-2019-19059) It was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19066) It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19068)

Affected Systems

  • ubuntulinux-aws-5.0

    < 5.0.0-1027.30

  • ubuntulinux-azure

    < 5.0.0-1035.37

  • ubuntulinux-gcp

    < 5.0.0-1033.34

  • ubuntulinux-gke-5.0

    < 5.0.0-1032.33

  • ubuntulinux-oem-osp1

    < 5.0.0-1043.48

  • ubuntulinux-oracle-5.0

    < 5.0.0-1013.18

References (9)