[USN-4147-1] Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel.
It was discovered that the Intel Wi-Fi device driver in the Linux kernel
did not properly validate certain Tunneled Direct Link Setup (TDLS). A
physically proximate attacker could use this to cause a denial of service
(Wi-Fi disconnect). (CVE-2019-0136)
It was discovered that the Bluetooth UART implementation in the Linux
kernel did not properly check for missing tty operations. A local attacker
could use this to cause a denial of service. (CVE-2019-10207)
It was discovered that the GTCO tablet input driver in the Linux kernel did
not properly bounds check the initial HID report sent by the device. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-13631)
It was discovered that an out-of-bounds read existed in the QLogic QEDI
iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly
use this to expose sensitive information (kernel memory). (CVE-2019-15090)
Hui Peng and Mathias Payer discovered that the USB audio driver for the
Linux kernel did not properly validate device meta data. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2019-15117)
Hui Peng and Mathias Payer discovered that the USB audio driver for the
Linux kernel improperly performed recursion while handling device meta
data. A physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2019-15118)
It was discovered that the Raremono AM/FM/SW radio device driver in the
Linux kernel did not properly allocate memory, leading to a use-after-free.
A physically proximate attacker could use this to cause a denial of service
or possibly execute arbitrary code. (CVE-2019-15211)
It was discovered that a double-free error existed in the USB Rio 500 device
driver for the Linux kernel. A physically proximate attacker could use this
to cause a denial of service. (CVE-2019-15212)
It was discovered that a race condition existed in the CPiA2 video4linux
device driver for the Linux kernel, leading to a use-after-free. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-15215)
It was discovered that a race condition existed in the Softmac USB Prism54
device driver in the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash). (CVE-2019-15220)
Benjamin Moody discovered that the XFS file system in the Linux kernel did
not properly handle an error condition when out of disk quota. A local
attacker could possibly use this to cause a denial of service.
(CVE-2019-15538)
It was discovered that the Hisilicon HNS3 ethernet device driver in the
Linux kernel contained an out-of-bounds access vulnerability. A local
attacker could use this to possibly cause a denial of service (system
crash). (CVE-2019-15925)
It was discovered that the Atheros mobile chipset driver in the Linux
kernel did not properly validate data in some situations. An attacker could
use this to cause a denial of service (system crash). (CVE-2019-15926)
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered
that the Bluetooth protocol BR/EDR specification did not properly require
sufficiently strong encryption key lengths. A physically proximate attacker
could use this to expose sensitive information. (CVE-2019-9506)
It was discovered that the ZR364XX Camera USB device driver for the Linux
kernel did not properly initialize memory. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2019-15217)
It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel made improper assumptions about the device characteristics. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2019-15218)
It was discovered that the Line 6 POD USB device driver in the Linux kernel
did not properly validate data size information from the device. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2019-15221)
It was discovered that the Line 6 USB driver for the Linux kernel contained
a race condition when the device was disconnected. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15223)
- ID: USN-4147-1
- Severity: medium
- URL: https://ubuntu.com/security/notices/USN-4147-1
- Published: 2019-10-04T15:38:51
- Modified: 2019-10-04T15:38:51
- Other Advisories:
- ALAS-2019-1281
- ALSA-2020:4431
- ALSA-2024:3138
- CISCO-SA-20190813-BLUETOOTH
- DSA-4495-1
- DSA-4497-1
- DSA-4531-1
- ELSA-2019-3055
- ELSA-2019-3517
- ELSA-2019-4739
- ELSA-2019-4741
- ELSA-2019-4746
- ELSA-2019-4820
- ELSA-2019-4850
- ELSA-2019-4871
- ELSA-2019-4872
- ELSA-2019-4878
- ELSA-2020-1016
- ELSA-2020-1769
- ELSA-2020-4060
- ELSA-2020-5755
- ELSA-2020-5845
- ELSA-2020-5866
- ELSA-2021-9534
- ELSA-2024-3138
- FEDORA-2019-021c968423
- FEDORA-2019-057d691fd4
- FEDORA-2019-124a241044
- FEDORA-2019-15e141c6a7
- FEDORA-2019-1689d3fe07
- FEDORA-2019-3dbfaeac73
- FEDORA-2019-41e28660ae
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-6bda4c81f4
- FEDORA-2019-7a3fc17778
- FEDORA-2019-7aecfe1c4b
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-97380355ae
- FEDORA-2019-9d3fe6fd5b
- FEDORA-2019-a570a92d5a
- FEDORA-2019-e3010166bd
- FEDORA-2019-e37c348348
- FEDORA-2020-2a5cdd665c
- FEDORA-2020-c2d89d14d0
- FEDORA-2020-fe00e12580
- MS:CVE-2019-9506
- openSUSE-SU-2019:1923-1
- openSUSE-SU-2019:1924-1
- openSUSE-SU-2019:2173-1
- openSUSE-SU-2019:2181-1
- openSUSE-SU-2019:2307-1
- openSUSE-SU-2019:2308-1
- RHSA-2019:3055
- RHSA-2019:3076
- RHSA-2019:3089
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2020:1016
- RHSA-2020:1070
- RHSA-2020:1567
- RHSA-2020:1769
- RHSA-2020:3220
- RHSA-2020:4060
- RHSA-2020:4062
- RHSA-2020:4431
- RHSA-2020:4609
- RHSA-2024:2950
- RHSA-2024:3138
- RLSA-2024:3138
- SSA:2019-226-01
- SSA:2019-311-01
- SSA:2020-086-01
- SUSE-SU-2019:2068-1
- SUSE-SU-2019:2069-1
- SUSE-SU-2019:2070-1
- SUSE-SU-2019:2071-1
- SUSE-SU-2019:2072-1
- SUSE-SU-2019:2073-1
- SUSE-SU-2019:2262-1
- SUSE-SU-2019:2263-1
- SUSE-SU-2019:2299-1
- SUSE-SU-2019:2412-1
- SUSE-SU-2019:2414-1
- SUSE-SU-2019:2424-1
- SUSE-SU-2019:2430-1
- SUSE-SU-2019:2450-1
- SUSE-SU-2019:2648-1
- SUSE-SU-2019:2651-1
- SUSE-SU-2019:2658-1
- SUSE-SU-2019:2706-1
- SUSE-SU-2019:2710-1
- SUSE-SU-2019:2738-1
- SUSE-SU-2019:2756-1
- SUSE-SU-2019:2879-1
- SUSE-SU-2019:2949-1
- SUSE-SU-2019:2950-1
- SUSE-SU-2019:2984-1
- SUSE-SU-2019:3200-1
- SUSE-SU-2019:3295-1
- SUSE-SU-2020:0093-1
- SUSE-SU-2020:2526-1
- SUSE-SU-2022:0325-1
- SUSE-SU-2022:0327-1
- SUSE-SU-2022:0328-1
- SUSE-SU-2022:0329-1
- SUSE-SU-2022:0362-1
- SUSE-SU-2022:0477-1
- USN-4115-1
- USN-4118-1
- USN-4144-1
- USN-4145-1
- USN-4162-1
- USN-4162-2
- USN-4163-1
- USN-4163-2
- USN-4286-1
- USN-4286-2
- USN-4302-1
- VU:918987
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/linux-image-virtual?distro=disco | ubuntu | linux-image-virtual | < 5.0.0.31.32 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-virtual-hwe-18.04?distro=bionic | ubuntu | linux-image-virtual-hwe-18.04 | < 5.0.0.31.88 | bionic | ||
Affected | pkg:deb/ubuntu/linux-image-snapdragon?distro=disco | ubuntu | linux-image-snapdragon | < 5.0.0.1023.16 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-snapdragon-hwe-18.04?distro=bionic | ubuntu | linux-image-snapdragon-hwe-18.04 | < 5.0.0.31.88 | bionic | ||
Affected | pkg:deb/ubuntu/linux-image-raspi2?distro=disco | ubuntu | linux-image-raspi2 | < 5.0.0.1019.16 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-lowlatency?distro=disco | ubuntu | linux-image-lowlatency | < 5.0.0.31.32 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-lowlatency-hwe-18.04?distro=bionic | ubuntu | linux-image-lowlatency-hwe-18.04 | < 5.0.0.31.88 | bionic | ||
Affected | pkg:deb/ubuntu/linux-image-kvm?distro=disco | ubuntu | linux-image-kvm | < 5.0.0.1019.19 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-gke?distro=disco | ubuntu | linux-image-gke | < 5.0.0.1020.46 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-gke-5.0?distro=bionic | ubuntu | linux-image-gke-5.0 | < 5.0.0.1020.9 | bionic | ||
Affected | pkg:deb/ubuntu/linux-image-generic?distro=disco | ubuntu | linux-image-generic | < 5.0.0.31.32 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-generic-lpae?distro=disco | ubuntu | linux-image-generic-lpae | < 5.0.0.31.32 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-generic-lpae-hwe-18.04?distro=bionic | ubuntu | linux-image-generic-lpae-hwe-18.04 | < 5.0.0.31.88 | bionic | ||
Affected | pkg:deb/ubuntu/linux-image-generic-hwe-18.04?distro=bionic | ubuntu | linux-image-generic-hwe-18.04 | < 5.0.0.31.88 | bionic | ||
Affected | pkg:deb/ubuntu/linux-image-gcp?distro=disco | ubuntu | linux-image-gcp | < 5.0.0.1020.46 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-azure?distro=disco | ubuntu | linux-image-azure | < 5.0.0.1022.21 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-aws?distro=disco | ubuntu | linux-image-aws | < 5.0.0.1018.19 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-31-lowlatency?distro=disco | ubuntu | linux-image-5.0.0-31-lowlatency | < 5.0.0-31.33 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-31-lowlatency?distro=bionic | ubuntu | linux-image-5.0.0-31-lowlatency | < 5.0.0-31.33~18.04.1 | bionic | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-31-generic?distro=disco | ubuntu | linux-image-5.0.0-31-generic | < 5.0.0-31.33 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-31-generic?distro=bionic | ubuntu | linux-image-5.0.0-31-generic | < 5.0.0-31.33~18.04.1 | bionic | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-31-generic-lpae?distro=disco | ubuntu | linux-image-5.0.0-31-generic-lpae | < 5.0.0-31.33 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-31-generic-lpae?distro=bionic | ubuntu | linux-image-5.0.0-31-generic-lpae | < 5.0.0-31.33~18.04.1 | bionic | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-1023-snapdragon?distro=disco | ubuntu | linux-image-5.0.0-1023-snapdragon | < 5.0.0-1023.24 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-1022-azure?distro=disco | ubuntu | linux-image-5.0.0-1022-azure | < 5.0.0-1022.23 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-1020-gke?distro=bionic | ubuntu | linux-image-5.0.0-1020-gke | < 5.0.0-1020.20~18.04.1 | bionic | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-1020-gcp?distro=disco | ubuntu | linux-image-5.0.0-1020-gcp | < 5.0.0-1020.20 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-1019-raspi2?distro=disco | ubuntu | linux-image-5.0.0-1019-raspi2 | < 5.0.0-1019.19 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-1019-kvm?distro=disco | ubuntu | linux-image-5.0.0-1019-kvm | < 5.0.0-1019.20 | disco | ||
Affected | pkg:deb/ubuntu/linux-image-5.0.0-1018-aws?distro=disco | ubuntu | linux-image-5.0.0-1018-aws | < 5.0.0-1018.20 | disco |