USN-4346-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-4346-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4346-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4346-1
Related
Published
2020-04-29T00:06:32.123286Z
Modified
2020-04-29T00:06:32.123286Z
Summary
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
Details

It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233)

It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234)

Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-19768)

It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648)

Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383)

References

Affected packages

Ubuntu:Pro:14.04:LTS / linux-lts-xenial

Package

Name
linux-lts-xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-178.208~14.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "linux-image-4.4.0-178-generic-lpae": "4.4.0-178.208~14.04.1",
            "linux-image-4.4.0-178-powerpc-smp": "4.4.0-178.208~14.04.1",
            "linux-image-4.4.0-178-generic": "4.4.0-178.208~14.04.1",
            "linux-image-virtual-lts-xenial": "4.4.0.178.157",
            "linux-image-powerpc64-smp-lts-xenial": "4.4.0.178.157",
            "linux-image-lowlatency-lts-xenial": "4.4.0.178.157",
            "linux-image-4.4.0-178-powerpc64-emb": "4.4.0-178.208~14.04.1",
            "linux-image-4.4.0-178-powerpc64-smp": "4.4.0-178.208~14.04.1",
            "linux-image-4.4.0-178-lowlatency": "4.4.0-178.208~14.04.1",
            "linux-image-generic-lts-xenial": "4.4.0.178.157",
            "linux-image-powerpc64-emb-lts-xenial": "4.4.0.178.157",
            "linux-image-powerpc-e500mc-lts-xenial": "4.4.0.178.157",
            "linux-image-powerpc-smp-lts-xenial": "4.4.0.178.157",
            "linux-image-4.4.0-178-powerpc-e500mc": "4.4.0-178.208~14.04.1",
            "linux-image-generic-lpae-lts-xenial": "4.4.0.178.157"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / linux-aws

Package

Name
linux-aws

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1066.70

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "linux-image-4.4.0-1066-aws": "4.4.0-1066.70",
            "linux-image-aws": "4.4.0.1066.67"
        }
    ]
}

Ubuntu:16.04:LTS / linux-raspi2

Package

Name
linux-raspi2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1132.141

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-raspi2": "4.4.0.1132.132",
            "linux-image-4.4.0-1132-raspi2": "4.4.0-1132.141"
        }
    ]
}

Ubuntu:16.04:LTS / linux

Package

Name
linux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-178.208

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-lowlatency-lts-vivid": "4.4.0.178.186",
            "linux-image-virtual-lts-vivid": "4.4.0.178.186",
            "linux-image-powerpc64-emb": "4.4.0.178.186",
            "linux-image-lowlatency-lts-wily": "4.4.0.178.186",
            "linux-image-powerpc-e500mc-lts-utopic": "4.4.0.178.186",
            "linux-image-powerpc-smp-lts-wily": "4.4.0.178.186",
            "linux-image-4.4.0-178-powerpc-smp": "4.4.0-178.208",
            "linux-image-virtual-lts-utopic": "4.4.0.178.186",
            "linux-image-powerpc64-smp-lts-xenial": "4.4.0.178.186",
            "linux-image-powerpc64-emb-lts-utopic": "4.4.0.178.186",
            "linux-image-powerpc64-smp-lts-wily": "4.4.0.178.186",
            "linux-image-powerpc-smp-lts-utopic": "4.4.0.178.186",
            "linux-image-virtual-lts-xenial": "4.4.0.178.186",
            "linux-image-4.4.0-178-generic": "4.4.0-178.208",
            "linux-image-4.4.0-178-powerpc64-emb": "4.4.0-178.208",
            "linux-image-4.4.0-178-powerpc64-smp": "4.4.0-178.208",
            "linux-image-powerpc64-emb-lts-vivid": "4.4.0.178.186",
            "linux-image-4.4.0-178-lowlatency": "4.4.0-178.208",
            "linux-image-powerpc-smp-lts-vivid": "4.4.0.178.186",
            "linux-image-powerpc-e500mc-lts-wily": "4.4.0.178.186",
            "linux-image-generic-lts-xenial": "4.4.0.178.186",
            "linux-image-lowlatency": "4.4.0.178.186",
            "linux-image-generic-lpae-lts-vivid": "4.4.0.178.186",
            "linux-image-powerpc64-smp": "4.4.0.178.186",
            "linux-image-powerpc64-smp-lts-vivid": "4.4.0.178.186",
            "linux-image-powerpc-smp-lts-xenial": "4.4.0.178.186",
            "linux-image-virtual": "4.4.0.178.186",
            "linux-image-generic-lpae-lts-xenial": "4.4.0.178.186",
            "linux-image-powerpc64-emb-lts-wily": "4.4.0.178.186",
            "linux-image-generic-lts-utopic": "4.4.0.178.186",
            "linux-image-powerpc64-smp-lts-utopic": "4.4.0.178.186",
            "linux-image-generic-lts-vivid": "4.4.0.178.186",
            "linux-image-powerpc-e500mc-lts-xenial": "4.4.0.178.186",
            "linux-image-powerpc-e500mc-lts-vivid": "4.4.0.178.186",
            "linux-image-generic-lpae-lts-utopic": "4.4.0.178.186",
            "linux-image-4.4.0-178-generic-lpae": "4.4.0-178.208",
            "linux-image-powerpc-e500mc": "4.4.0.178.186",
            "linux-image-virtual-lts-wily": "4.4.0.178.186",
            "linux-image-lowlatency-lts-xenial": "4.4.0.178.186",
            "linux-image-generic-lpae-lts-wily": "4.4.0.178.186",
            "linux-image-lowlatency-lts-utopic": "4.4.0.178.186",
            "linux-image-powerpc64-emb-lts-xenial": "4.4.0.178.186",
            "linux-image-generic": "4.4.0.178.186",
            "linux-image-powerpc-smp": "4.4.0.178.186",
            "linux-image-generic-lts-wily": "4.4.0.178.186",
            "linux-image-4.4.0-178-powerpc-e500mc": "4.4.0-178.208",
            "linux-image-generic-lpae": "4.4.0.178.186"
        }
    ]
}

Ubuntu:16.04:LTS / linux-kvm

Package

Name
linux-kvm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1070.77

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1070-kvm": "4.4.0-1070.77",
            "linux-image-kvm": "4.4.0.1070.70"
        }
    ]
}

Ubuntu:16.04:LTS / linux-snapdragon

Package

Name
linux-snapdragon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1136.144

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-snapdragon": "4.4.0.1136.128",
            "linux-image-4.4.0-1136-snapdragon": "4.4.0-1136.144"
        }
    ]
}

Ubuntu:16.04:LTS / linux-aws

Package

Name
linux-aws

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1106.117

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1106-aws": "4.4.0-1106.117",
            "linux-image-aws": "4.4.0.1106.110"
        }
    ]
}