Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.844565
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory for linux (USN-4483-1)
Summary:The remote host is missing an update for the 'linux'; package(s) announced via the USN-4483-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the USN-4483-1 advisory.

Vulnerability Insight:
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux
kernel did not properly deallocate memory in some failure conditions. A
physically proximate attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2019-20810)

Fan Yang discovered that the mremap implementation in the Linux kernel did
not properly handle DAX Huge Pages. A local attacker with access to DAX
storage could use this to gain administrative privileges. (CVE-2020-10757)

It was discovered that the Linux kernel did not correctly apply Speculative
Store Bypass Disable (SSBD) mitigations in certain situations. A local
attacker could possibly use this to expose sensitive information.
(CVE-2020-10766)

It was discovered that the Linux kernel did not correctly apply Indirect
Branch Predictor Barrier (IBPB) mitigations in certain situations. A local
attacker could possibly use this to expose sensitive information.
(CVE-2020-10767)

It was discovered that the Linux kernel could incorrectly enable Indirect
Branch Speculation after it has been disabled for a process via a prctl()
call. A local attacker could possibly use this to expose sensitive
information. (CVE-2020-10768)

Luca Bruno discovered that the zram module in the Linux kernel did not
properly restrict unprivileged users from accessing the hot_add sysfs file.
A local attacker could use this to cause a denial of service (memory
exhaustion). (CVE-2020-10781)

It was discovered that the XFS file system implementation in the Linux
kernel did not properly validate meta data in some circumstances. An
attacker could use this to construct a malicious XFS image that, when
mounted, could cause a denial of service. (CVE-2020-12655)

It was discovered that the bcache subsystem in the Linux kernel did not
properly release a lock in some error conditions. A local attacker could
possibly use this to cause a denial of service. (CVE-2020-12771)

It was discovered that the Virtual Terminal keyboard driver in the Linux
kernel contained an integer overflow. A local attacker could possibly use
this to have an unspecified impact. (CVE-2020-13974)

It was discovered that the cgroup v2 subsystem in the Linux kernel did not
properly perform reference counting in some situations, leading to a NULL
pointer dereference. A local attacker could use this to cause a denial of
service or possibly gain administrative privileges. (CVE-2020-14356)

Kyungtae Kim discovered that the USB testing driver in the Linux kernel did
not properly deallocate memory on disconnect events. A physically proximate
attacker could use this to cause a denial of service (m ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'linux' package(s) on Ubuntu 20.04 LTS, Ubuntu 18.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-20810
Common Vulnerability Exposure (CVE) ID: CVE-2020-10757
Common Vulnerability Exposure (CVE) ID: CVE-2020-10766
Common Vulnerability Exposure (CVE) ID: CVE-2020-10767
Common Vulnerability Exposure (CVE) ID: CVE-2020-10768
Common Vulnerability Exposure (CVE) ID: CVE-2020-10781
Common Vulnerability Exposure (CVE) ID: CVE-2020-12655
Common Vulnerability Exposure (CVE) ID: CVE-2020-12771
Common Vulnerability Exposure (CVE) ID: CVE-2020-13974
Common Vulnerability Exposure (CVE) ID: CVE-2020-14356
Common Vulnerability Exposure (CVE) ID: CVE-2020-15393
Common Vulnerability Exposure (CVE) ID: CVE-2020-24394
Common Vulnerability Exposure (CVE) ID: CVE-2020-12656
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.