USN-4210-1

Source
https://ubuntu.com/security/notices/USN-4210-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4210-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4210-1
Published
2019-12-03T01:00:08.582256Z
Modified
2019-12-03T01:00:08.582256Z
Summary
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
Details

It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746)

Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133)

It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060)

It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19065)

It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19075)

Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075)

Affected packages

Ubuntu:18.04:LTS / linux-gke-4.15

Package

Name
linux-gke-4.15

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1049.52

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-gke-4.15": "4.15.0.1049.52",
            "linux-image-gke": "4.15.0.1049.52",
            "linux-image-4.15.0-1049-gke": "4.15.0-1049.52"
        }
    ]
}

Ubuntu:18.04:LTS / linux-kvm

Package

Name
linux-kvm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1051.51

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1051-kvm": "4.15.0-1051.51",
            "linux-image-kvm": "4.15.0.1051.51"
        }
    ]
}

Ubuntu:18.04:LTS / linux-snapdragon

Package

Name
linux-snapdragon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1069.76

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-snapdragon": "4.15.0.1069.72",
            "linux-image-4.15.0-1069-snapdragon": "4.15.0-1069.76"
        }
    ]
}

Ubuntu:18.04:LTS / linux-aws

Package

Name
linux-aws

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1056.58

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1056-aws": "4.15.0-1056.58",
            "linux-image-aws": "4.15.0.1056.57",
            "linux-image-aws-lts-18.04": "4.15.0.1056.57"
        }
    ]
}

Ubuntu:18.04:LTS / linux-raspi2

Package

Name
linux-raspi2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1052.56

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-raspi2": "4.15.0.1052.50",
            "linux-image-4.15.0-1052-raspi2": "4.15.0-1052.56"
        }
    ]
}

Ubuntu:18.04:LTS / linux-oracle

Package

Name
linux-oracle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1030.33

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1030-oracle": "4.15.0-1030.33",
            "linux-image-oracle": "4.15.0.1030.35",
            "linux-image-oracle-lts-18.04": "4.15.0.1030.35"
        }
    ]
}

Ubuntu:18.04:LTS / linux

Package

Name
linux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-72.81

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-lowlatency-hwe-16.04": "4.15.0.72.74",
            "linux-image-4.15.0-72-lowlatency": "4.15.0-72.81",
            "linux-image-4.15.0-72-generic-lpae": "4.15.0-72.81",
            "linux-image-virtual-hwe-16.04-edge": "4.15.0.72.74",
            "linux-image-generic-hwe-16.04": "4.15.0.72.74",
            "linux-image-generic-lpae-hwe-16.04": "4.15.0.72.74",
            "linux-image-lowlatency": "4.15.0.72.74",
            "linux-image-generic-lpae-hwe-16.04-edge": "4.15.0.72.74",
            "linux-image-generic": "4.15.0.72.74",
            "linux-image-lowlatency-hwe-16.04-edge": "4.15.0.72.74",
            "linux-image-4.15.0-72-generic": "4.15.0-72.81",
            "linux-image-virtual": "4.15.0.72.74",
            "linux-image-generic-hwe-16.04-edge": "4.15.0.72.74",
            "linux-image-generic-lpae": "4.15.0.72.74",
            "linux-image-virtual-hwe-16.04": "4.15.0.72.74"
        }
    ]
}

Ubuntu:18.04:LTS / linux-oem

Package

Name
linux-oem

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1065.75

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-oem": "4.15.0.1065.69",
            "linux-image-4.15.0-1065-oem": "4.15.0-1065.75"
        }
    ]
}

Ubuntu:16.04:LTS / linux-aws-hwe

Package

Name
linux-aws-hwe

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1056.58~16.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-aws-hwe": "4.15.0.1056.56",
            "linux-image-4.15.0-1056-aws": "4.15.0-1056.58~16.04.1"
        }
    ]
}

Ubuntu:16.04:LTS / linux-hwe

Package

Name
linux-hwe

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-72.81~16.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-72-generic-lpae": "4.15.0-72.81~16.04.1",
            "linux-image-lowlatency-hwe-16.04": "4.15.0.72.92",
            "linux-image-virtual-hwe-16.04-edge": "4.15.0.72.92",
            "linux-image-generic-hwe-16.04": "4.15.0.72.92",
            "linux-image-generic-lpae-hwe-16.04": "4.15.0.72.92",
            "linux-image-generic-lpae-hwe-16.04-edge": "4.15.0.72.92",
            "linux-image-lowlatency-hwe-16.04-edge": "4.15.0.72.92",
            "linux-image-4.15.0-72-lowlatency": "4.15.0-72.81~16.04.1",
            "linux-image-4.15.0-72-generic": "4.15.0-72.81~16.04.1",
            "linux-image-oem": "4.15.0.72.92",
            "linux-image-generic-hwe-16.04-edge": "4.15.0.72.92",
            "linux-image-virtual-hwe-16.04": "4.15.0.72.92"
        }
    ]
}

Ubuntu:16.04:LTS / linux-gcp

Package

Name
linux-gcp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1050.53

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-gke": "4.15.0.1050.64",
            "linux-image-4.15.0-1050-gcp": "4.15.0-1050.53",
            "linux-image-gcp": "4.15.0.1050.64"
        }
    ]
}

Ubuntu:16.04:LTS / linux-oracle

Package

Name
linux-oracle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1030.33~16.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1030-oracle": "4.15.0-1030.33~16.04.1",
            "linux-image-oracle": "4.15.0.1030.23"
        }
    ]
}