Test ID:	1.3.6.1.4.1.25623.1.0.844410
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4342-1)
Summary:	The remote host is missing an update for the 'linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3' package(s) announced via the USN-4342-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3' package(s) announced via the USN-4342-1 advisory. Vulnerability Insight: Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-11884) It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234) Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-19768) It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). (CVE-2020-10942) It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). (CVE-2020-8992) Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383) Affected Software/OS: 'linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3' package(s) on Ubuntu 18.04, Ubuntu 19.10. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-16234 https://lkml.org/lkml/2019/9/9/487 SuSE Security Announcement: openSUSE-SU-2019:2392 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html SuSE Security Announcement: openSUSE-SU-2019:2444 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html https://usn.ubuntu.com/4342-1/ https://usn.ubuntu.com/4344-1/ https://usn.ubuntu.com/4345-1/ https://usn.ubuntu.com/4346-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-19768 Debian Security Information: DSA-4698 (Google Search) https://www.debian.org/security/2020/dsa-4698 https://bugzilla.kernel.org/show_bug.cgi?id=205711 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html SuSE Security Announcement: openSUSE-SU-2020:0388 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html Common Vulnerability Exposure (CVE) ID: CVE-2020-10942 Debian Security Information: DSA-4667 (Google Search) https://www.debian.org/security/2020/dsa-4667 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8 https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 https://lkml.org/lkml/2020/2/15/125 http://www.openwall.com/lists/oss-security/2020/04/15/4 SuSE Security Announcement: openSUSE-SU-2020:0543 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html https://usn.ubuntu.com/4364-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-11884 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/ https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000 https://usn.ubuntu.com/4343-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-8648 https://bugzilla.kernel.org/show_bug.cgi?id=206361 SuSE Security Announcement: openSUSE-SU-2020:0336 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html Common Vulnerability Exposure (CVE) ID: CVE-2020-8992 https://patchwork.ozlabs.org/patch/1236118/ https://usn.ubuntu.com/4318-1/ https://usn.ubuntu.com/4324-1/ https://usn.ubuntu.com/4419-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-9383 https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530 https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.