Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 9 |
CVE-ID | CVE-2019-18808 CVE-2019-19054 CVE-2019-19061 CVE-2019-19073 CVE-2019-19074 CVE-2019-9445 CVE-2020-12888 CVE-2020-14356 CVE-2020-16166 |
CWE-ID | CWE-401 CWE-125 CWE-476 CWE-330 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Operating systems & Components / Operating system: Ubuntu
Operating systems & Components / Operating system package or component (Ubuntu packages):
linux-image-azure
linux-image-4.15.0-1096-azure
linux-image-kvm
linux-image-4.15.0-1075-kvm
linux-image-virtual
linux-image-snapdragon
linux-image-raspi2
linux-image-oracle-lts-18.04
linux-image-oem
linux-image-lowlatency
linux-image-gke-4.15
linux-image-gke
linux-image-generic-lpae
linux-image-generic
linux-image-gcp-lts-18.04
linux-image-azure-lts-18.04
linux-image-aws-lts-18.04
linux-image-4.15.0-118-lowlatency
linux-image-4.15.0-118-generic-lpae
linux-image-4.15.0-118-generic
linux-image-4.15.0-1097-oem
linux-image-4.15.0-1087-snapdragon
linux-image-4.15.0-1084-gcp
linux-image-4.15.0-1083-aws
linux-image-4.15.0-1071-raspi2
linux-image-4.15.0-1070-gke
linux-image-4.15.0-1054-oracle
linux-image-virtual-hwe-16.04
linux-image-oracle
linux-image-lowlatency-hwe-16.04
linux-image-generic-lpae-hwe-16.04
linux-image-generic-hwe-16.04
linux-image-gcp
linux-image-azure-edge
linux-image-aws-hwe |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
EUVDB-ID: #VU24433
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-18808
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the "ccp_run_sha_cmd()" function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9. A local user can cause a denial of service (memory consumption).
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1096.72
linux-image-4.15.0-1096-azure (Ubuntu package): before 4.15.0-1096.106~14.04.1
linux-image-kvm (Ubuntu package): before 4.15.0.1075.71
linux-image-4.15.0-1075-kvm (Ubuntu package): before 4.15.0-1075.76
linux-image-virtual (Ubuntu package): before 4.15.0.118.105
linux-image-snapdragon (Ubuntu package): before 4.15.0.1087.90
linux-image-raspi2 (Ubuntu package): before 4.15.0.1071.68
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1054.64
linux-image-oem (Ubuntu package): before 4.15.0.118.119
linux-image-lowlatency (Ubuntu package): before 4.15.0.118.105
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1070.74
linux-image-gke (Ubuntu package): before 4.15.0.1070.74
linux-image-generic-lpae (Ubuntu package): before 4.15.0.118.105
linux-image-generic (Ubuntu package): before 4.15.0.118.105
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1084.102
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1096.69
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1083.85
linux-image-4.15.0-118-lowlatency (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic-lpae (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-1097-oem (Ubuntu package): before 4.15.0-1097.107
linux-image-4.15.0-1087-snapdragon (Ubuntu package): before 4.15.0-1087.95
linux-image-4.15.0-1084-gcp (Ubuntu package): before 4.15.0-1084.95~16.04.1
linux-image-4.15.0-1083-aws (Ubuntu package): before 4.15.0-1083.87~16.04.1
linux-image-4.15.0-1071-raspi2 (Ubuntu package): before 4.15.0-1071.75
linux-image-4.15.0-1070-gke (Ubuntu package): before 4.15.0-1070.73
linux-image-4.15.0-1054-oracle (Ubuntu package): before 4.15.0-1054.58~16.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-oracle (Ubuntu package): before 4.15.0.1054.44
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-lpae-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-gcp (Ubuntu package): before 4.15.0.1084.85
linux-image-azure-edge (Ubuntu package): before 4.15.0.1096.90
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1083.79
https://ubuntu.com/security/notices/USN-4526-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23021
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-19054
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the "cx23888_ir_probe()" function in the "drivers/media/pci/cx23885/cx23888-ir.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "kfifo_alloc()" failures.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1096.72
linux-image-4.15.0-1096-azure (Ubuntu package): before 4.15.0-1096.106~14.04.1
linux-image-kvm (Ubuntu package): before 4.15.0.1075.71
linux-image-4.15.0-1075-kvm (Ubuntu package): before 4.15.0-1075.76
linux-image-virtual (Ubuntu package): before 4.15.0.118.105
linux-image-snapdragon (Ubuntu package): before 4.15.0.1087.90
linux-image-raspi2 (Ubuntu package): before 4.15.0.1071.68
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1054.64
linux-image-oem (Ubuntu package): before 4.15.0.118.119
linux-image-lowlatency (Ubuntu package): before 4.15.0.118.105
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1070.74
linux-image-gke (Ubuntu package): before 4.15.0.1070.74
linux-image-generic-lpae (Ubuntu package): before 4.15.0.118.105
linux-image-generic (Ubuntu package): before 4.15.0.118.105
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1084.102
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1096.69
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1083.85
linux-image-4.15.0-118-lowlatency (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic-lpae (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-1097-oem (Ubuntu package): before 4.15.0-1097.107
linux-image-4.15.0-1087-snapdragon (Ubuntu package): before 4.15.0-1087.95
linux-image-4.15.0-1084-gcp (Ubuntu package): before 4.15.0-1084.95~16.04.1
linux-image-4.15.0-1083-aws (Ubuntu package): before 4.15.0-1083.87~16.04.1
linux-image-4.15.0-1071-raspi2 (Ubuntu package): before 4.15.0-1071.75
linux-image-4.15.0-1070-gke (Ubuntu package): before 4.15.0-1070.73
linux-image-4.15.0-1054-oracle (Ubuntu package): before 4.15.0-1054.58~16.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-oracle (Ubuntu package): before 4.15.0.1054.44
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-lpae-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-gcp (Ubuntu package): before 4.15.0.1084.85
linux-image-azure-edge (Ubuntu package): before 4.15.0.1096.90
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1083.79
https://ubuntu.com/security/notices/USN-4526-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU24432
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-19061
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the "adis_update_scan_mode_burst()" function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9. A local user can cause a denial of service (memory consumption).
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1096.72
linux-image-4.15.0-1096-azure (Ubuntu package): before 4.15.0-1096.106~14.04.1
linux-image-kvm (Ubuntu package): before 4.15.0.1075.71
linux-image-4.15.0-1075-kvm (Ubuntu package): before 4.15.0-1075.76
linux-image-virtual (Ubuntu package): before 4.15.0.118.105
linux-image-snapdragon (Ubuntu package): before 4.15.0.1087.90
linux-image-raspi2 (Ubuntu package): before 4.15.0.1071.68
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1054.64
linux-image-oem (Ubuntu package): before 4.15.0.118.119
linux-image-lowlatency (Ubuntu package): before 4.15.0.118.105
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1070.74
linux-image-gke (Ubuntu package): before 4.15.0.1070.74
linux-image-generic-lpae (Ubuntu package): before 4.15.0.118.105
linux-image-generic (Ubuntu package): before 4.15.0.118.105
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1084.102
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1096.69
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1083.85
linux-image-4.15.0-118-lowlatency (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic-lpae (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-1097-oem (Ubuntu package): before 4.15.0-1097.107
linux-image-4.15.0-1087-snapdragon (Ubuntu package): before 4.15.0-1087.95
linux-image-4.15.0-1084-gcp (Ubuntu package): before 4.15.0-1084.95~16.04.1
linux-image-4.15.0-1083-aws (Ubuntu package): before 4.15.0-1083.87~16.04.1
linux-image-4.15.0-1071-raspi2 (Ubuntu package): before 4.15.0-1071.75
linux-image-4.15.0-1070-gke (Ubuntu package): before 4.15.0-1070.73
linux-image-4.15.0-1054-oracle (Ubuntu package): before 4.15.0-1054.58~16.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-oracle (Ubuntu package): before 4.15.0.1054.44
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-lpae-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-gcp (Ubuntu package): before 4.15.0.1084.85
linux-image-azure-edge (Ubuntu package): before 4.15.0.1096.90
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1083.79
https://ubuntu.com/security/notices/USN-4526-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23033
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-19073
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the "htc_config_pipe_credits()", "htc_setup_complete()" and "htc_connect_service()" functions in the "drivers/net/wireless/ath/ath9k/htc_hst.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "wait_for_completion_timeout()" failures.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1096.72
linux-image-4.15.0-1096-azure (Ubuntu package): before 4.15.0-1096.106~14.04.1
linux-image-kvm (Ubuntu package): before 4.15.0.1075.71
linux-image-4.15.0-1075-kvm (Ubuntu package): before 4.15.0-1075.76
linux-image-virtual (Ubuntu package): before 4.15.0.118.105
linux-image-snapdragon (Ubuntu package): before 4.15.0.1087.90
linux-image-raspi2 (Ubuntu package): before 4.15.0.1071.68
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1054.64
linux-image-oem (Ubuntu package): before 4.15.0.118.119
linux-image-lowlatency (Ubuntu package): before 4.15.0.118.105
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1070.74
linux-image-gke (Ubuntu package): before 4.15.0.1070.74
linux-image-generic-lpae (Ubuntu package): before 4.15.0.118.105
linux-image-generic (Ubuntu package): before 4.15.0.118.105
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1084.102
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1096.69
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1083.85
linux-image-4.15.0-118-lowlatency (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic-lpae (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-1097-oem (Ubuntu package): before 4.15.0-1097.107
linux-image-4.15.0-1087-snapdragon (Ubuntu package): before 4.15.0-1087.95
linux-image-4.15.0-1084-gcp (Ubuntu package): before 4.15.0-1084.95~16.04.1
linux-image-4.15.0-1083-aws (Ubuntu package): before 4.15.0-1083.87~16.04.1
linux-image-4.15.0-1071-raspi2 (Ubuntu package): before 4.15.0-1071.75
linux-image-4.15.0-1070-gke (Ubuntu package): before 4.15.0-1070.73
linux-image-4.15.0-1054-oracle (Ubuntu package): before 4.15.0-1054.58~16.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-oracle (Ubuntu package): before 4.15.0.1054.44
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-lpae-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-gcp (Ubuntu package): before 4.15.0.1084.85
linux-image-azure-edge (Ubuntu package): before 4.15.0.1096.90
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1083.79
https://ubuntu.com/security/notices/USN-4526-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23029
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-19074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the "ath9k_wmi_cmd()" function in the "drivers/net/wireless/ath/ath9k/wmi.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption).
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1096.72
linux-image-4.15.0-1096-azure (Ubuntu package): before 4.15.0-1096.106~14.04.1
linux-image-kvm (Ubuntu package): before 4.15.0.1075.71
linux-image-4.15.0-1075-kvm (Ubuntu package): before 4.15.0-1075.76
linux-image-virtual (Ubuntu package): before 4.15.0.118.105
linux-image-snapdragon (Ubuntu package): before 4.15.0.1087.90
linux-image-raspi2 (Ubuntu package): before 4.15.0.1071.68
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1054.64
linux-image-oem (Ubuntu package): before 4.15.0.118.119
linux-image-lowlatency (Ubuntu package): before 4.15.0.118.105
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1070.74
linux-image-gke (Ubuntu package): before 4.15.0.1070.74
linux-image-generic-lpae (Ubuntu package): before 4.15.0.118.105
linux-image-generic (Ubuntu package): before 4.15.0.118.105
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1084.102
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1096.69
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1083.85
linux-image-4.15.0-118-lowlatency (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic-lpae (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-1097-oem (Ubuntu package): before 4.15.0-1097.107
linux-image-4.15.0-1087-snapdragon (Ubuntu package): before 4.15.0-1087.95
linux-image-4.15.0-1084-gcp (Ubuntu package): before 4.15.0-1084.95~16.04.1
linux-image-4.15.0-1083-aws (Ubuntu package): before 4.15.0-1083.87~16.04.1
linux-image-4.15.0-1071-raspi2 (Ubuntu package): before 4.15.0-1071.75
linux-image-4.15.0-1070-gke (Ubuntu package): before 4.15.0-1070.73
linux-image-4.15.0-1054-oracle (Ubuntu package): before 4.15.0-1054.58~16.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-oracle (Ubuntu package): before 4.15.0.1054.44
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-lpae-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-gcp (Ubuntu package): before 4.15.0.1084.85
linux-image-azure-edge (Ubuntu package): before 4.15.0.1096.90
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1083.79
https://ubuntu.com/security/notices/USN-4526-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU35550
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-9445
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a missing bounds check when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1096.72
linux-image-4.15.0-1096-azure (Ubuntu package): before 4.15.0-1096.106~14.04.1
linux-image-kvm (Ubuntu package): before 4.15.0.1075.71
linux-image-4.15.0-1075-kvm (Ubuntu package): before 4.15.0-1075.76
linux-image-virtual (Ubuntu package): before 4.15.0.118.105
linux-image-snapdragon (Ubuntu package): before 4.15.0.1087.90
linux-image-raspi2 (Ubuntu package): before 4.15.0.1071.68
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1054.64
linux-image-oem (Ubuntu package): before 4.15.0.118.119
linux-image-lowlatency (Ubuntu package): before 4.15.0.118.105
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1070.74
linux-image-gke (Ubuntu package): before 4.15.0.1070.74
linux-image-generic-lpae (Ubuntu package): before 4.15.0.118.105
linux-image-generic (Ubuntu package): before 4.15.0.118.105
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1084.102
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1096.69
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1083.85
linux-image-4.15.0-118-lowlatency (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic-lpae (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-1097-oem (Ubuntu package): before 4.15.0-1097.107
linux-image-4.15.0-1087-snapdragon (Ubuntu package): before 4.15.0-1087.95
linux-image-4.15.0-1084-gcp (Ubuntu package): before 4.15.0-1084.95~16.04.1
linux-image-4.15.0-1083-aws (Ubuntu package): before 4.15.0-1083.87~16.04.1
linux-image-4.15.0-1071-raspi2 (Ubuntu package): before 4.15.0-1071.75
linux-image-4.15.0-1070-gke (Ubuntu package): before 4.15.0-1070.73
linux-image-4.15.0-1054-oracle (Ubuntu package): before 4.15.0-1054.58~16.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-oracle (Ubuntu package): before 4.15.0.1054.44
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-lpae-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-gcp (Ubuntu package): before 4.15.0.1084.85
linux-image-azure-edge (Ubuntu package): before 4.15.0.1096.90
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1083.79
https://ubuntu.com/security/notices/USN-4526-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU28159
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-12888
CWE-ID: N/A
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists because the VFIO PCI driver mishandles attempts to access disabled memory space. A local user can cause a denial of service condition on the target system.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1096.72
linux-image-4.15.0-1096-azure (Ubuntu package): before 4.15.0-1096.106~14.04.1
linux-image-kvm (Ubuntu package): before 4.15.0.1075.71
linux-image-4.15.0-1075-kvm (Ubuntu package): before 4.15.0-1075.76
linux-image-virtual (Ubuntu package): before 4.15.0.118.105
linux-image-snapdragon (Ubuntu package): before 4.15.0.1087.90
linux-image-raspi2 (Ubuntu package): before 4.15.0.1071.68
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1054.64
linux-image-oem (Ubuntu package): before 4.15.0.118.119
linux-image-lowlatency (Ubuntu package): before 4.15.0.118.105
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1070.74
linux-image-gke (Ubuntu package): before 4.15.0.1070.74
linux-image-generic-lpae (Ubuntu package): before 4.15.0.118.105
linux-image-generic (Ubuntu package): before 4.15.0.118.105
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1084.102
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1096.69
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1083.85
linux-image-4.15.0-118-lowlatency (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic-lpae (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-1097-oem (Ubuntu package): before 4.15.0-1097.107
linux-image-4.15.0-1087-snapdragon (Ubuntu package): before 4.15.0-1087.95
linux-image-4.15.0-1084-gcp (Ubuntu package): before 4.15.0-1084.95~16.04.1
linux-image-4.15.0-1083-aws (Ubuntu package): before 4.15.0-1083.87~16.04.1
linux-image-4.15.0-1071-raspi2 (Ubuntu package): before 4.15.0-1071.75
linux-image-4.15.0-1070-gke (Ubuntu package): before 4.15.0-1070.73
linux-image-4.15.0-1054-oracle (Ubuntu package): before 4.15.0-1054.58~16.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-oracle (Ubuntu package): before 4.15.0.1054.44
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-lpae-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-gcp (Ubuntu package): before 4.15.0.1084.85
linux-image-azure-edge (Ubuntu package): before 4.15.0.1096.90
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1083.79
https://ubuntu.com/security/notices/USN-4526-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU49669
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-14356
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel cgroupv2 subsystem during system reboot. A local user can crash the system or execute arbitrary code with elevated privileges.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1096.72
linux-image-4.15.0-1096-azure (Ubuntu package): before 4.15.0-1096.106~14.04.1
linux-image-kvm (Ubuntu package): before 4.15.0.1075.71
linux-image-4.15.0-1075-kvm (Ubuntu package): before 4.15.0-1075.76
linux-image-virtual (Ubuntu package): before 4.15.0.118.105
linux-image-snapdragon (Ubuntu package): before 4.15.0.1087.90
linux-image-raspi2 (Ubuntu package): before 4.15.0.1071.68
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1054.64
linux-image-oem (Ubuntu package): before 4.15.0.118.119
linux-image-lowlatency (Ubuntu package): before 4.15.0.118.105
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1070.74
linux-image-gke (Ubuntu package): before 4.15.0.1070.74
linux-image-generic-lpae (Ubuntu package): before 4.15.0.118.105
linux-image-generic (Ubuntu package): before 4.15.0.118.105
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1084.102
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1096.69
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1083.85
linux-image-4.15.0-118-lowlatency (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic-lpae (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-1097-oem (Ubuntu package): before 4.15.0-1097.107
linux-image-4.15.0-1087-snapdragon (Ubuntu package): before 4.15.0-1087.95
linux-image-4.15.0-1084-gcp (Ubuntu package): before 4.15.0-1084.95~16.04.1
linux-image-4.15.0-1083-aws (Ubuntu package): before 4.15.0-1083.87~16.04.1
linux-image-4.15.0-1071-raspi2 (Ubuntu package): before 4.15.0-1071.75
linux-image-4.15.0-1070-gke (Ubuntu package): before 4.15.0-1070.73
linux-image-4.15.0-1054-oracle (Ubuntu package): before 4.15.0-1054.58~16.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-oracle (Ubuntu package): before 4.15.0.1054.44
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-lpae-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-gcp (Ubuntu package): before 4.15.0.1084.85
linux-image-azure-edge (Ubuntu package): before 4.15.0.1096.90
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1083.79
https://ubuntu.com/security/notices/USN-4526-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95686
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-16166
CWE-ID:
CWE-330 - Use of Insufficiently Random Values
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to the use of insufficiently random values within the prandom_state_selftest() function in lib/random32.c, the update_process_times() function in kernel/time/timer.c, and the add_interrupt_randomness() function in drivers/char/random.c. A remote non-authenticated attacker can gain access to sensitive information.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1096.72
linux-image-4.15.0-1096-azure (Ubuntu package): before 4.15.0-1096.106~14.04.1
linux-image-kvm (Ubuntu package): before 4.15.0.1075.71
linux-image-4.15.0-1075-kvm (Ubuntu package): before 4.15.0-1075.76
linux-image-virtual (Ubuntu package): before 4.15.0.118.105
linux-image-snapdragon (Ubuntu package): before 4.15.0.1087.90
linux-image-raspi2 (Ubuntu package): before 4.15.0.1071.68
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1054.64
linux-image-oem (Ubuntu package): before 4.15.0.118.119
linux-image-lowlatency (Ubuntu package): before 4.15.0.118.105
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1070.74
linux-image-gke (Ubuntu package): before 4.15.0.1070.74
linux-image-generic-lpae (Ubuntu package): before 4.15.0.118.105
linux-image-generic (Ubuntu package): before 4.15.0.118.105
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1084.102
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1096.69
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1083.85
linux-image-4.15.0-118-lowlatency (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic-lpae (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-118-generic (Ubuntu package): before 4.15.0-118.119~16.04.1
linux-image-4.15.0-1097-oem (Ubuntu package): before 4.15.0-1097.107
linux-image-4.15.0-1087-snapdragon (Ubuntu package): before 4.15.0-1087.95
linux-image-4.15.0-1084-gcp (Ubuntu package): before 4.15.0-1084.95~16.04.1
linux-image-4.15.0-1083-aws (Ubuntu package): before 4.15.0-1083.87~16.04.1
linux-image-4.15.0-1071-raspi2 (Ubuntu package): before 4.15.0-1071.75
linux-image-4.15.0-1070-gke (Ubuntu package): before 4.15.0-1070.73
linux-image-4.15.0-1054-oracle (Ubuntu package): before 4.15.0-1054.58~16.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-oracle (Ubuntu package): before 4.15.0.1054.44
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-lpae-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.118.119
linux-image-gcp (Ubuntu package): before 4.15.0.1084.85
linux-image-azure-edge (Ubuntu package): before 4.15.0.1096.90
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1083.79
https://ubuntu.com/security/notices/USN-4526-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.