USN-4346-1

Description

linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234) Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-19768) It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383)

Affected Systems

• ubuntu•linux

  < 4.4.0-178.208

• ubuntu•linux-aws

  < 4.4.0-1066.70 | < 4.4.0-1106.117

• ubuntu•linux-kvm

  < 4.4.0-1070.77

• ubuntu•linux-lts-xenial

  < 4.4.0-178.208~14.04.1

• ubuntu•linux-raspi2

  < 4.4.0-1132.141

• ubuntu•linux-snapdragon

  < 4.4.0-1136.144

References (6)

• https://ubuntu.com/security/notices/USN-4346-1
• https://ubuntu.com/security/CVE-2019-16233
• https://ubuntu.com/security/CVE-2019-16234
• https://ubuntu.com/security/CVE-2019-19768
• https://ubuntu.com/security/CVE-2020-8648
• https://ubuntu.com/security/CVE-2020-9383