USN-4302-1
Vulnerability Summary
Timeline
Description
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux-azure vulnerabilities Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. (CVE-2020-2732) Gregory Herrero discovered that the fix for CVE-2019-14615 to address the Linux kernel not properly clearing data structures on context switches for certain Intel graphics processors was incomplete. A local attacker could use this to expose sensitive information. (CVE-2020-8832) It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19046) It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19051) It was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19056) It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19058) It was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19066) It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19068) It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217)
Affected Systems
- ubuntu•linux
< 4.15.0-91.92
- ubuntu•linux-aws
< 4.15.0-1063.67
- ubuntu•linux-aws-hwe
< 4.15.0-1063.67~16.04.1
- ubuntu•linux-azure
< 4.15.0-1074.79~14.04.1 | < 4.15.0-1075.80
- ubuntu•linux-gcp
< 4.15.0-1058.62
- ubuntu•linux-gke-4.15
< 4.15.0-1055.58
- ubuntu•linux-hwe
< 4.15.0-91.92~16.04.1
- ubuntu•linux-kvm
< 4.15.0-1056.57
- ubuntu•linux-oem
< 4.15.0-1076.86
- ubuntu•linux-oracle
< 4.15.0-1035.38~16.04.1 | < 4.15.0-1035.39
- ubuntu•linux-raspi2
< 4.15.0-1057.61
- ubuntu•linux-snapdragon
< 4.15.0-1074.81
References (10)
- https://ubuntu.com/security/notices/USN-4302-1
- https://ubuntu.com/security/CVE-2019-15217
- https://ubuntu.com/security/CVE-2019-19046
- https://ubuntu.com/security/CVE-2019-19051
- https://ubuntu.com/security/CVE-2019-19056
- https://ubuntu.com/security/CVE-2019-19058
- https://ubuntu.com/security/CVE-2019-19066
- https://ubuntu.com/security/CVE-2019-19068
- https://ubuntu.com/security/CVE-2020-2732
- https://ubuntu.com/security/CVE-2020-8832