USN-4116-1

Source
https://ubuntu.com/security/notices/USN-4116-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4116-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4116-1
Related
  • CVE-2018-20856
  • CVE-2019-10638
  • CVE-2019-13648
  • CVE-2019-14283
  • CVE-2019-14284
  • CVE-2019-3900
Published
2019-09-02T21:07:31.117210Z
Modified
2019-09-02T21:07:31.117210Z
Summary
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Details

It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856)

Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)

Praveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648)

It was discovered that the floppy driver in the Linux kernel did not properly validate metadata, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283)

It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)

Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900)

Affected packages

Ubuntu:16.04:LTS / linux-raspi2

Package

Name
linux-raspi2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1120.129

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1120-raspi2": "4.4.0-1120.129",
            "linux-image-raspi2": "4.4.0.1120.120"
        }
    ]
}

Ubuntu:16.04:LTS / linux

Package

Name
linux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-161.189

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-lowlatency-lts-vivid": "4.4.0.161.169",
            "linux-image-virtual-lts-vivid": "4.4.0.161.169",
            "linux-image-powerpc64-emb": "4.4.0.161.169",
            "linux-image-lowlatency-lts-wily": "4.4.0.161.169",
            "linux-image-powerpc-e500mc-lts-utopic": "4.4.0.161.169",
            "linux-image-powerpc-smp-lts-wily": "4.4.0.161.169",
            "linux-image-generic-lpae-lts-vivid": "4.4.0.161.169",
            "linux-image-virtual-lts-utopic": "4.4.0.161.169",
            "linux-image-powerpc64-smp-lts-xenial": "4.4.0.161.169",
            "linux-image-powerpc64-emb-lts-utopic": "4.4.0.161.169",
            "linux-image-powerpc64-smp-lts-wily": "4.4.0.161.169",
            "linux-image-powerpc-smp-lts-utopic": "4.4.0.161.169",
            "linux-image-virtual-lts-xenial": "4.4.0.161.169",
            "linux-image-powerpc64-smp": "4.4.0.161.169",
            "linux-image-powerpc-e500mc-lts-wily": "4.4.0.161.169",
            "linux-image-4.4.0-161-powerpc-smp": "4.4.0-161.189",
            "linux-image-powerpc64-emb-lts-vivid": "4.4.0.161.169",
            "linux-image-powerpc-smp-lts-vivid": "4.4.0.161.169",
            "linux-image-generic-lts-xenial": "4.4.0.161.169",
            "linux-image-lowlatency": "4.4.0.161.169",
            "linux-image-powerpc64-smp-lts-vivid": "4.4.0.161.169",
            "linux-image-powerpc-smp-lts-xenial": "4.4.0.161.169",
            "linux-image-virtual": "4.4.0.161.169",
            "linux-image-generic-lpae-lts-xenial": "4.4.0.161.169",
            "linux-image-powerpc64-emb-lts-wily": "4.4.0.161.169",
            "linux-image-generic-lts-utopic": "4.4.0.161.169",
            "linux-image-generic-lts-vivid": "4.4.0.161.169",
            "linux-image-powerpc64-smp-lts-utopic": "4.4.0.161.169",
            "linux-image-4.4.0-161-generic-lpae": "4.4.0-161.189",
            "linux-image-powerpc-e500mc-lts-xenial": "4.4.0.161.169",
            "linux-image-generic-lpae-lts-utopic": "4.4.0.161.169",
            "linux-image-powerpc-e500mc-lts-vivid": "4.4.0.161.169",
            "linux-image-4.4.0-161-powerpc64-smp": "4.4.0-161.189",
            "linux-image-powerpc-e500mc": "4.4.0.161.169",
            "linux-image-4.4.0-161-lowlatency": "4.4.0-161.189",
            "linux-image-virtual-lts-wily": "4.4.0.161.169",
            "linux-image-lowlatency-lts-xenial": "4.4.0.161.169",
            "linux-image-generic-lpae-lts-wily": "4.4.0.161.169",
            "linux-image-lowlatency-lts-utopic": "4.4.0.161.169",
            "linux-image-powerpc64-emb-lts-xenial": "4.4.0.161.169",
            "linux-image-generic": "4.4.0.161.169",
            "linux-image-powerpc-smp": "4.4.0.161.169",
            "linux-image-generic-lts-wily": "4.4.0.161.169",
            "linux-image-4.4.0-161-generic": "4.4.0-161.189",
            "linux-image-4.4.0-161-powerpc-e500mc": "4.4.0-161.189",
            "linux-image-generic-lpae": "4.4.0.161.169",
            "linux-image-4.4.0-161-powerpc64-emb": "4.4.0-161.189"
        }
    ]
}

Ubuntu:16.04:LTS / linux-kvm

Package

Name
linux-kvm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1056.63

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1056-kvm": "4.4.0-1056.63",
            "linux-image-kvm": "4.4.0.1056.56"
        }
    ]
}

Ubuntu:16.04:LTS / linux-snapdragon

Package

Name
linux-snapdragon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1124.130

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-snapdragon": "4.4.0.1124.116",
            "linux-image-4.4.0-1124-snapdragon": "4.4.0-1124.130"
        }
    ]
}

Ubuntu:16.04:LTS / linux-aws

Package

Name
linux-aws

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1092.103

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1092-aws": "4.4.0-1092.103",
            "linux-image-aws": "4.4.0.1092.96"
        }
    ]
}