[USN-4225-1] Linux kernel vulnerabilities

Severity Medium
Affected Packages 26
CVEs 18

Several security issues were fixed in the Linux kernel.

It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)

It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)

It was discovered that the Fujitsu ES network device driver for the Linux
kernel did not properly check for errors in some situations, leading to a
NULL pointer dereference. A local attacker could use this to cause a denial
of service. (CVE-2019-16231)

Anthony Steinhauser discovered that the Linux kernel did not properly
apply Spectre_RSB mitigations on all processors for PowerPC architecture
systems in some situations. A local attacker could use this to expose
sensitive information. (CVE-2019-18660)

It was discovered that the Broadcom V3D DRI driver in the Linux kernel did
not properly deallocate memory in certain error conditions. A local
attacker could possibly use this to cause a denial of service (kernel
memory exhaustion). (CVE-2019-19044)

It was discovered that the Mellanox Technologies Innova driver in the Linux
kernel did not properly deallocate memory in certain failure conditions. A
local attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2019-19045)

It was discovered that the Mellanox Technologies ConnectX driver in the
Linux kernel did not properly deallocate memory in certain failure
conditions. A local attacker could use this to cause a denial of service
(kernel memory exhaustion). (CVE-2019-19047)

It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did
not properly deallocate memory in certain situations. A local attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19051)

It was discovered that the Geschwister Schneider USB CAN interface driver
in the Linux kernel did not properly deallocate memory in certain failure
conditions. A physically proximate attacker could use this to cause a
denial of service (kernel memory exhaustion). (CVE-2019-19052)

It was discovered that the netlink-based 802.11 configuration interface in
the Linux kernel did not deallocate memory in certain error conditions. A
local attacker could possibly use this to cause a denial of service (kernel
memory exhaustion). (CVE-2019-19055)

It was discovered that the event tracing subsystem of the Linux kernel did
not properly deallocate memory in certain error conditions. A local
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2019-19072)

It was discovered that the driver for memoryless force-feedback input
devices in the Linux kernel contained a use-after-free vulnerability. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash) or execute arbitrary code. (CVE-2019-19524)

It was discovered that the Microchip CAN BUS Analyzer driver in the Linux
kernel contained a use-after-free vulnerability on device disconnect. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-19529)

It was discovered that the PEAK-System Technik USB driver in the Linux
kernel did not properly sanitize memory before sending it to the device. A
physically proximate attacker could use this to expose sensitive
information (kernel memory). (CVE-2019-19534)

Tristan Madani discovered that the ALSA timer implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19807)

It was discovered that the DesignWare USB3 controller driver in the Linux
kernel did not properly deallocate memory in some error conditions. A local
attacker could possibly use this to cause a denial of service (memory
exhaustion). (CVE-2019-18813)

Package Affected Version
pkg:deb/ubuntu/linux-image-virtual?distro=eoan < 5.3.0.26.30
pkg:deb/ubuntu/linux-image-snapdragon?distro=eoan < 5.3.0.26.30
pkg:deb/ubuntu/linux-image-raspi2?distro=eoan < 5.3.0.1015.12
pkg:deb/ubuntu/linux-image-oracle?distro=eoan < 5.3.0.1008.9
pkg:deb/ubuntu/linux-image-lowlatency?distro=eoan < 5.3.0.26.30
pkg:deb/ubuntu/linux-image-kvm?distro=eoan < 5.3.0.1009.11
pkg:deb/ubuntu/linux-image-gke?distro=eoan < 5.3.0.1011.12
pkg:deb/ubuntu/linux-image-generic?distro=eoan < 5.3.0.26.30
pkg:deb/ubuntu/linux-image-generic-lpae?distro=eoan < 5.3.0.26.30
pkg:deb/ubuntu/linux-image-gcp?distro=eoan < 5.3.0.1011.12
pkg:deb/ubuntu/linux-image-gcp-edge?distro=bionic < 5.3.0.1010.10
pkg:deb/ubuntu/linux-image-azure?distro=eoan < 5.3.0.1009.27
pkg:deb/ubuntu/linux-image-azure-edge?distro=bionic < 5.3.0.1009.9
pkg:deb/ubuntu/linux-image-aws?distro=eoan < 5.3.0.1009.11
pkg:deb/ubuntu/linux-image-5.3.0-26-snapdragon?distro=eoan < 5.3.0-26.28
pkg:deb/ubuntu/linux-image-5.3.0-26-lowlatency?distro=eoan < 5.3.0-26.28
pkg:deb/ubuntu/linux-image-5.3.0-26-generic?distro=eoan < 5.3.0-26.28
pkg:deb/ubuntu/linux-image-5.3.0-26-generic-lpae?distro=eoan < 5.3.0-26.28
pkg:deb/ubuntu/linux-image-5.3.0-1015-raspi2?distro=eoan < 5.3.0-1015.17
pkg:deb/ubuntu/linux-image-5.3.0-1011-gcp?distro=eoan < 5.3.0-1011.12
pkg:deb/ubuntu/linux-image-5.3.0-1010-gcp?distro=bionic < 5.3.0-1010.11~18.04.1
pkg:deb/ubuntu/linux-image-5.3.0-1009-kvm?distro=eoan < 5.3.0-1009.10
pkg:deb/ubuntu/linux-image-5.3.0-1009-azure?distro=eoan < 5.3.0-1009.10
pkg:deb/ubuntu/linux-image-5.3.0-1009-azure?distro=bionic < 5.3.0-1009.10~18.04.1
pkg:deb/ubuntu/linux-image-5.3.0-1009-aws?distro=eoan < 5.3.0-1009.10
pkg:deb/ubuntu/linux-image-5.3.0-1008-oracle?distro=eoan < 5.3.0-1008.9
ID: USN-4225-1
Severity: medium
URL: https://ubuntu.com/security/notices/USN-4225-1
Published: 2020-01-07T01:09:46
Modified: 2020-01-07T01:09:46