|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu: Security Advisory for linux (USN-4419-1)|
|Summary:||The remote host is missing an update for the 'linux'; package(s) announced via the USN-4419-1 advisory.|
The remote host is missing an update for the 'linux'
package(s) announced via the USN-4419-1 advisory.
It was discovered that a race condition existed in the Precision Time
Protocol (PTP) implementation in the Linux kernel, leading to a use-after-
free vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
Matthew Sheets discovered that the SELinux network label handling
implementation in the Linux kernel could be coerced into de-referencing a
NULL pointer. A remote attacker could use this to cause a denial of service
(system crash). (CVE-2020-10711)
It was discovered that the SCSI generic (sg) driver in the Linux kernel did
not properly handle certain error conditions correctly. A local privileged
attacker could use this to cause a denial of service (system crash).
It was discovered that the USB Gadget device driver in the Linux kernel did
not validate arguments passed from configfs in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash) or possibly expose sensitive information. (CVE-2020-13143)
Shijie Luo discovered that the ext4 file system implementation in the Linux
kernel did not properly check for a too-large journal size. An attacker
could use this to construct a malicious ext4 image that, when mounted,
could cause a denial of service (soft lockup). (CVE-2020-8992)
'linux' package(s) on Ubuntu 16.04 LTS.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2020-8992|
SuSE Security Announcement: openSUSE-SU-2020:0336 (Google Search)
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.