Test ID:	1.3.6.1.4.1.25623.1.0.844314
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4254-1)
Summary:	The remote host is missing an update for the 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) announced via the USN-4254-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) announced via the USN-4254-1 advisory. Vulnerability Insight: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683) It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2019-18885) It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057) It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19062) It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063) Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332) It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291) Affected Software/OS: 'linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon' package(s) on Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-14615 http://seclists.org/fulldisclosure/2020/Mar/31 http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html SuSE Security Announcement: openSUSE-SU-2020:0336 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://usn.ubuntu.com/4253-1/ https://usn.ubuntu.com/4253-2/ https://usn.ubuntu.com/4254-1/ https://usn.ubuntu.com/4254-2/ https://usn.ubuntu.com/4255-1/ https://usn.ubuntu.com/4255-2/ https://usn.ubuntu.com/4284-1/ https://usn.ubuntu.com/4285-1/ https://usn.ubuntu.com/4286-1/ https://usn.ubuntu.com/4286-2/ https://usn.ubuntu.com/4287-1/ https://usn.ubuntu.com/4287-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-15291 Bugtraq: 20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01) (Google Search) https://seclists.org/bugtraq/2020/Jan/10 http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html http://www.openwall.com/lists/oss-security/2019/08/20/2 http://www.openwall.com/lists/oss-security/2019/08/22/1 SuSE Security Announcement: openSUSE-SU-2019:2307 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html SuSE Security Announcement: openSUSE-SU-2019:2308 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html https://usn.ubuntu.com/4258-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-18683 https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/ https://www.openwall.com/lists/oss-security/2019/11/02/1 http://www.openwall.com/lists/oss-security/2019/11/05/1 SuSE Security Announcement: openSUSE-SU-2019:2675 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html Common Vulnerability Exposure (CVE) ID: CVE-2019-18885 https://security.netapp.com/advisory/ntap-20191205-0001/ https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ba3bc9dd150457c506e4661380a6183af651c1 https://github.com/bobfuzzer/CVE-2019-18885 https://github.com/torvalds/linux/commit/09ba3bc9dd150457c506e4661380a6183af651c1 https://www.oracle.com/security-alerts/cpuApr2021.html https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html Common Vulnerability Exposure (CVE) ID: CVE-2019-19057 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/ https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c Common Vulnerability Exposure (CVE) ID: CVE-2019-19062 https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc Common Vulnerability Exposure (CVE) ID: CVE-2019-19063 https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb Common Vulnerability Exposure (CVE) ID: CVE-2019-19227 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9804501fa1228048857910a6bf23e085aade37cc Common Vulnerability Exposure (CVE) ID: CVE-2019-19332 USN-4254-1 USN-4254-2 USN-4258-1 USN-4284-1 USN-4287-1 USN-4287-2 [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332 https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/ https://security.netapp.com/advisory/ntap-20200204-0002/ https://www.openwall.com/lists/oss-security/2019/12/16/1 openSUSE-SU-2020:0336
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.