Búsqueda de    
Vulnerabilidad   
    Buscar 191973 Descripciones CVE y
86218 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.844606
Categoría:Ubuntu Local Security Checks
Título:Ubuntu: Security Advisory for linux (USN-4527-1)
Resumen:The remote host is missing an update for the 'linux'; package(s) announced via the USN-4527-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the USN-4527-1 advisory.

Vulnerability Insight:
It was discovered that the Connexant 23885 TV card device driver for the
Linux kernel did not properly deallocate memory in some error conditions. A
local attacker could use this to cause a denial of service (memory
exhaustion). (CVE-2019-19054)

It was discovered that the Atheros HTC based wireless driver in the Linux
kernel did not properly deallocate in certain error conditions. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2019-19073, CVE-2019-19074)

Yue Haibing discovered that the Linux kernel did not properly handle
reference counting in sysfs for network devices in some situations. A local
attacker could possibly use this to cause a denial of service.
(CVE-2019-20811)

It was discovered that the F2FS file system in the Linux kernel did not
properly perform bounds checking in some situations, leading to an out-of-
bounds read. A local attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2019-9445)

It was discovered that the F2FS file system in the Linux kernel did not
properly validate xattr meta data in some situations, leading to an out-of-
bounds read. An attacker could use this to construct a malicious F2FS image
that, when mounted, could expose sensitive information (kernel memory).
(CVE-2019-9453)

It was discovered that the F2FS file system implementation in the Linux
kernel did not properly perform bounds checking on xattrs in some
situations. A local attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2020-0067)

It was discovered that the NFS client implementation in the Linux kernel
did not properly perform bounds checking before copying security labels in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-25212)

Affected Software/OS:
'linux' package(s) on Ubuntu 16.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-9445
https://source.android.com/security/bulletin/pixel/2019-09-01
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
https://usn.ubuntu.com/4526-1/
https://usn.ubuntu.com/4527-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9453
Common Vulnerability Exposure (CVE) ID: CVE-2020-0067
http://android.googlesource.com/kernel/common/+/688078e7
http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html
https://usn.ubuntu.com/4387-1/
https://usn.ubuntu.com/4388-1/
https://usn.ubuntu.com/4389-1/
https://usn.ubuntu.com/4390-1/
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.