Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.844606
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu: Security Advisory for linux (USN-4527-1)
Zusammenfassung:The remote host is missing an update for the 'linux'; package(s) announced via the USN-4527-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the USN-4527-1 advisory.

Vulnerability Insight:
It was discovered that the Connexant 23885 TV card device driver for the
Linux kernel did not properly deallocate memory in some error conditions. A
local attacker could use this to cause a denial of service (memory
exhaustion). (CVE-2019-19054)

It was discovered that the Atheros HTC based wireless driver in the Linux
kernel did not properly deallocate in certain error conditions. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2019-19073, CVE-2019-19074)

Yue Haibing discovered that the Linux kernel did not properly handle
reference counting in sysfs for network devices in some situations. A local
attacker could possibly use this to cause a denial of service.
(CVE-2019-20811)

It was discovered that the F2FS file system in the Linux kernel did not
properly perform bounds checking in some situations, leading to an out-of-
bounds read. A local attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2019-9445)

It was discovered that the F2FS file system in the Linux kernel did not
properly validate xattr meta data in some situations, leading to an out-of-
bounds read. An attacker could use this to construct a malicious F2FS image
that, when mounted, could expose sensitive information (kernel memory).
(CVE-2019-9453)

It was discovered that the F2FS file system implementation in the Linux
kernel did not properly perform bounds checking on xattrs in some
situations. A local attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2020-0067)

It was discovered that the NFS client implementation in the Linux kernel
did not properly perform bounds checking before copying security labels in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-25212)

Affected Software/OS:
'linux' package(s) on Ubuntu 16.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-9445
https://source.android.com/security/bulletin/pixel/2019-09-01
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
https://usn.ubuntu.com/4526-1/
https://usn.ubuntu.com/4527-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9453
Common Vulnerability Exposure (CVE) ID: CVE-2020-0067
http://android.googlesource.com/kernel/common/+/688078e7
http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html
https://usn.ubuntu.com/4387-1/
https://usn.ubuntu.com/4388-1/
https://usn.ubuntu.com/4389-1/
https://usn.ubuntu.com/4390-1/
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.