[USN-4117-1] Linux kernel (AWS) vulnerabilities
Several security issues were fixed in the Linux kernel.
It was discovered that a heap buffer overflow existed in the Marvell
Wireless LAN device driver for the Linux kernel. An attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-10126)
Amit Klein and Benny Pinkas discovered that the Linux kernel did not
sufficiently randomize IP ID values generated for connectionless networking
protocols. A remote attacker could use this to track particular Linux
devices. (CVE-2019-10638)
It was discovered that a NULL pointer dereference vulnerability existed in
the Near-field communication (NFC) implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2019-12984)
Jann Horn discovered a use-after-free vulnerability in the Linux kernel
when accessing LDT entries in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-13233)
Jann Horn discovered that the ptrace implementation in the Linux kernel did
not properly record credentials in some situations. A local attacker could
use this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2019-13272)
It was discovered that the floppy driver in the Linux kernel did not
properly validate meta data, leading to a buffer overread. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2019-14283)
It was discovered that the floppy driver in the Linux kernel did not
properly validate ioctl() calls, leading to a division-by-zero. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2019-14284)
It was discovered that the Marvell Wireless LAN device driver in the Linux
kernel did not properly validate the BSS descriptor. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-3846)
Jason Wang discovered that an infinite loop vulnerability existed in the
virtio net driver in the Linux kernel. A local attacker in a guest VM could
possibly use this to cause a denial of service in the host system.
(CVE-2019-3900)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/linux-image-aws?distro=disco | < 5.0.0.1014.15 |
pkg:deb/ubuntu/linux-image-5.0.0-1014-aws?distro=disco | < 5.0.0-1014.16 |
- ID
- USN-4117-1
- Severity
- critical
- Severity from
- CVE-2019-10126
- URL
- https://ubuntu.com/security/notices/USN-4117-1
- Published
-
2019-09-02T21:30:12
(5 years ago) - Modified
-
2019-09-02T21:30:12
(5 years ago) - Other Advisories
-
- ALAS-2019-1232
- ALAS2-2019-1232
- CISA-2021:1210
- DSA-4465-1
- DSA-4484-1
- DSA-4495-1
- DSA-4497-1
- ELSA-2019-2029
- ELSA-2019-2411
- ELSA-2019-2703
- ELSA-2019-3055
- ELSA-2019-3517
- ELSA-2019-3836
- ELSA-2019-4746
- ELSA-2019-4808
- ELSA-2019-4810
- ELSA-2019-4812
- ELSA-2019-4820
- ELSA-2019-4836
- ELSA-2019-4850
- ELSA-2019-4854
- ELSA-2019-4855
- ELSA-2020-1016
- ELSA-2020-5755
- ELSA-2020-5837
- ELSA-2020-5845
- ELSA-2020-5866
- ELSA-2021-9459
- FEDORA-2019-021c968423
- FEDORA-2019-057d691fd4
- FEDORA-2019-124a241044
- FEDORA-2019-15e141c6a7
- FEDORA-2019-1689d3fe07
- FEDORA-2019-41e28660ae
- FEDORA-2019-48b34fc991
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-5b76e711b3
- FEDORA-2019-640f8d8dd1
- FEDORA-2019-6817686c4d
- FEDORA-2019-69c132b061
- FEDORA-2019-6bda4c81f4
- FEDORA-2019-6c3d89b3d0
- FEDORA-2019-7a3fc17778
- FEDORA-2019-7aecfe1c4b
- FEDORA-2019-7ec378191e
- FEDORA-2019-8169b57f28
- FEDORA-2019-8219efa9f6
- FEDORA-2019-83858fc57b
- FEDORA-2019-87d807d7cb
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-914542e05c
- FEDORA-2019-97380355ae
- FEDORA-2019-9d3fe6fd5b
- FEDORA-2019-a570a92d5a
- FEDORA-2019-a6cd583a8d
- FEDORA-2019-a95015e60f
- FEDORA-2019-b318b2c6f3
- FEDORA-2019-c03eda3cc6
- FEDORA-2019-c36afa818c
- FEDORA-2019-e3010166bd
- FEDORA-2019-e37c348348
- FEDORA-2019-e6bf55e821
- FEDORA-2019-f40bd7826f
- FEDORA-2020-2a5cdd665c
- FEDORA-2020-c2d89d14d0
- FEDORA-2020-fe00e12580
- openSUSE-SU-2019:1571-1
- openSUSE-SU-2019:1579-1
- openSUSE-SU-2019:1716-1
- openSUSE-SU-2019:1757-1
- openSUSE-SU-2019:1923-1
- openSUSE-SU-2019:1924-1
- openSUSE-SU-2021:3876-1
- RHSA-2019:2029
- RHSA-2019:2043
- RHSA-2019:2405
- RHSA-2019:2411
- RHSA-2019:2703
- RHSA-2019:2741
- RHSA-2019:3055
- RHSA-2019:3076
- RHSA-2019:3089
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2019:3836
- RHSA-2020:1016
- RHSA-2020:1070
- SSA:2019-202-01
- SSA:2019-226-01
- SSA:2019-311-01
- SUSE-SU-2019:1527-1
- SUSE-SU-2019:1529-1
- SUSE-SU-2019:1530-1
- SUSE-SU-2019:1532-1
- SUSE-SU-2019:1533-1
- SUSE-SU-2019:1534-1
- SUSE-SU-2019:1535-1
- SUSE-SU-2019:1536-1
- SUSE-SU-2019:1550-1
- SUSE-SU-2019:1581-1
- SUSE-SU-2019:1588-1
- SUSE-SU-2019:1668-1
- SUSE-SU-2019:1671-1
- SUSE-SU-2019:1674-1
- SUSE-SU-2019:1692-1
- SUSE-SU-2019:1765-1
- SUSE-SU-2019:1823-1
- SUSE-SU-2019:1823-2
- SUSE-SU-2019:1829-1
- SUSE-SU-2019:1851-1
- SUSE-SU-2019:1852-1
- SUSE-SU-2019:1854-1
- SUSE-SU-2019:1855-1
- SUSE-SU-2019:1882-1
- SUSE-SU-2019:1948-1
- SUSE-SU-2019:2068-1
- SUSE-SU-2019:2069-1
- SUSE-SU-2019:2070-1
- SUSE-SU-2019:2071-1
- SUSE-SU-2019:2072-1
- SUSE-SU-2019:2073-1
- SUSE-SU-2019:2232-1
- SUSE-SU-2019:2262-1
- SUSE-SU-2019:2263-1
- SUSE-SU-2019:2299-1
- SUSE-SU-2019:2430-1
- SUSE-SU-2019:2450-1
- SUSE-SU-2019:2821-1
- SUSE-SU-2019:2949-1
- SUSE-SU-2019:2984-1
- SUSE-SU-2019:3223-1
- SUSE-SU-2019:3224-1
- SUSE-SU-2019:3225-1
- SUSE-SU-2019:3228-1
- SUSE-SU-2019:3230-1
- SUSE-SU-2019:3232-1
- SUSE-SU-2019:3246-1
- SUSE-SU-2019:3247-1
- SUSE-SU-2019:3248-1
- SUSE-SU-2019:3249-1
- SUSE-SU-2019:3252-1
- SUSE-SU-2019:3258-1
- SUSE-SU-2019:3260-1
- SUSE-SU-2019:3261-1
- SUSE-SU-2019:3263-1
- SUSE-SU-2021:3192-1
- SUSE-SU-2021:3206-1
- SUSE-SU-2021:3217-1
- SUSE-SU-2021:3876-1
- SUSE-SU-2021:3969-1
- SUSE-SU-2021:3972-1
- SUSE-SU-2022:3263-1
- SUSE-SU-2022:3294-1
- SUSE-SU-2023:0416-1
- USN-4093-1
- USN-4094-1
- USN-4095-1
- USN-4095-2
- USN-4114-1
- USN-4115-1
- USN-4116-1
- USN-4118-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/linux-image-aws?distro=disco | ubuntu | linux-image-aws | < 5.0.0.1014.15 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-1014-aws?distro=disco | ubuntu | linux-image-5.0.0-1014-aws | < 5.0.0-1014.16 | disco |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |