USN-4364-1

Advisory lineage Upstream: 14 Downstream: 0
Published: 19 May 2020, 20:33
Last modified:23 May 2026, 01:31

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

19 May 2020, 20:33
Published
Vulnerability first disclosed
23 May 2026, 01:31
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060) It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). (CVE-2020-10942) It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). (CVE-2020-11565) It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11608) It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11609) It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11668)

Affected Systems

  • ubuntulinux

    < 4.4.0-179.209

  • ubuntulinux-aws

    < 4.4.0-1067.71 | < 4.4.0-1107.118

  • ubuntulinux-kvm

    < 4.4.0-1071.78

  • ubuntulinux-lts-xenial

    < 4.4.0-179.209~14.04.1

  • ubuntulinux-raspi2

    < 4.4.0-1133.142

  • ubuntulinux-snapdragon

    < 4.4.0-1137.145

References (8)