Test ID:	1.3.6.1.4.1.25623.1.0.844409
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4344-1)
Summary:	The remote host is missing an update for the 'linux-gke-5.0, linux-oem-osp1' package(s) announced via the USN-4344-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-gke-5.0, linux-oem-osp1' package(s) announced via the USN-4344-1 advisory. Vulnerability Insight: It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234) It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19051) Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-19768) It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). (CVE-2020-10942) It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). (CVE-2020-8992) Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383) Affected Software/OS: 'linux-gke-5.0, linux-oem-osp1' package(s) on Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 5.4 CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-16234 https://lkml.org/lkml/2019/9/9/487 SuSE Security Announcement: openSUSE-SU-2019:2392 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html SuSE Security Announcement: openSUSE-SU-2019:2444 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html https://usn.ubuntu.com/4342-1/ https://usn.ubuntu.com/4344-1/ https://usn.ubuntu.com/4345-1/ https://usn.ubuntu.com/4346-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-19051 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 https://github.com/torvalds/linux/commit/6f3ef5c25cc762687a7341c18cbea5af54461407 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html SuSE Security Announcement: openSUSE-SU-2020:0336 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://usn.ubuntu.com/4225-1/ https://usn.ubuntu.com/4225-2/ https://usn.ubuntu.com/4286-1/ https://usn.ubuntu.com/4286-2/ https://usn.ubuntu.com/4302-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-19768 Debian Security Information: DSA-4698 (Google Search) https://www.debian.org/security/2020/dsa-4698 https://bugzilla.kernel.org/show_bug.cgi?id=205711 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html SuSE Security Announcement: openSUSE-SU-2020:0388 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html Common Vulnerability Exposure (CVE) ID: CVE-2020-10942 Debian Security Information: DSA-4667 (Google Search) https://www.debian.org/security/2020/dsa-4667 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8 https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 https://lkml.org/lkml/2020/2/15/125 http://www.openwall.com/lists/oss-security/2020/04/15/4 SuSE Security Announcement: openSUSE-SU-2020:0543 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html https://usn.ubuntu.com/4364-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-8648 https://bugzilla.kernel.org/show_bug.cgi?id=206361 Common Vulnerability Exposure (CVE) ID: CVE-2020-8992 https://patchwork.ozlabs.org/patch/1236118/ https://usn.ubuntu.com/4318-1/ https://usn.ubuntu.com/4324-1/ https://usn.ubuntu.com/4419-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-9383 https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530 https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.