USN-4364-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-4364-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4364-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4364-1
Related
  • CVE-2019-19060
  • CVE-2020-10942
  • CVE-2020-11494
  • CVE-2020-11565
  • CVE-2020-11608
  • CVE-2020-11609
  • CVE-2020-11668
Published
2020-05-19T20:33:07.575767Z
Modified
2020-05-19T20:33:07.575767Z
Summary
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
Details

It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060)

It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). (CVE-2020-10942)

It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494)

It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). (CVE-2020-11565)

It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11608)

It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11609)

It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11668)

References

Affected packages

Ubuntu:Pro:14.04:LTS / linux-lts-xenial

Package

Name
linux-lts-xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-179.209~14.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "linux-image-4.4.0-179-powerpc64-emb": "4.4.0-179.209~14.04.1",
            "linux-image-4.4.0-179-powerpc64-smp": "4.4.0-179.209~14.04.1",
            "linux-image-4.4.0-179-generic": "4.4.0-179.209~14.04.1+signed1",
            "linux-image-powerpc64-smp-lts-xenial": "4.4.0.179.158",
            "linux-image-virtual-lts-xenial": "4.4.0.179.158",
            "linux-image-lowlatency-lts-xenial": "4.4.0.179.158",
            "linux-image-4.4.0-179-powerpc-smp": "4.4.0-179.209~14.04.1",
            "linux-image-generic-lts-xenial": "4.4.0.179.158",
            "linux-image-powerpc64-emb-lts-xenial": "4.4.0.179.158",
            "linux-image-4.4.0-179-generic-lpae": "4.4.0-179.209~14.04.1",
            "linux-image-powerpc-e500mc-lts-xenial": "4.4.0.179.158",
            "linux-image-powerpc-smp-lts-xenial": "4.4.0.179.158",
            "linux-image-4.4.0-179-powerpc-e500mc": "4.4.0-179.209~14.04.1",
            "linux-image-generic-lpae-lts-xenial": "4.4.0.179.158",
            "linux-image-4.4.0-179-lowlatency": "4.4.0-179.209~14.04.1+signed1"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / linux-aws

Package

Name
linux-aws

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1067.71

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "linux-image-4.4.0-1067-aws": "4.4.0-1067.71",
            "linux-image-aws": "4.4.0.1067.68"
        }
    ]
}

Ubuntu:16.04:LTS / linux-raspi2

Package

Name
linux-raspi2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1133.142

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-raspi2": "4.4.0.1133.133",
            "linux-image-4.4.0-1133-raspi2": "4.4.0-1133.142"
        }
    ]
}

Ubuntu:16.04:LTS / linux

Package

Name
linux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-179.209

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-lowlatency-lts-vivid": "4.4.0.179.187",
            "linux-image-virtual-lts-vivid": "4.4.0.179.187",
            "linux-image-4.4.0-179-powerpc64-smp": "4.4.0-179.209",
            "linux-image-powerpc64-emb": "4.4.0.179.187",
            "linux-image-lowlatency-lts-wily": "4.4.0.179.187",
            "linux-image-powerpc-e500mc-lts-utopic": "4.4.0.179.187",
            "linux-image-powerpc-smp-lts-wily": "4.4.0.179.187",
            "linux-image-generic-lpae-lts-vivid": "4.4.0.179.187",
            "linux-image-virtual-lts-utopic": "4.4.0.179.187",
            "linux-image-powerpc64-smp-lts-xenial": "4.4.0.179.187",
            "linux-image-virtual-lts-xenial": "4.4.0.179.187",
            "linux-image-powerpc64-smp-lts-wily": "4.4.0.179.187",
            "linux-image-powerpc-smp-lts-utopic": "4.4.0.179.187",
            "linux-image-powerpc64-emb-lts-utopic": "4.4.0.179.187",
            "linux-image-powerpc64-smp": "4.4.0.179.187",
            "linux-image-powerpc-e500mc-lts-wily": "4.4.0.179.187",
            "linux-image-powerpc-smp-lts-vivid": "4.4.0.179.187",
            "linux-image-powerpc64-emb-lts-vivid": "4.4.0.179.187",
            "linux-image-4.4.0-179-powerpc-smp": "4.4.0-179.209",
            "linux-image-generic-lts-xenial": "4.4.0.179.187",
            "linux-image-lowlatency": "4.4.0.179.187",
            "linux-image-4.4.0-179-generic-lpae": "4.4.0-179.209",
            "linux-image-powerpc-e500mc-lts-xenial": "4.4.0.179.187",
            "linux-image-powerpc-smp-lts-xenial": "4.4.0.179.187",
            "linux-image-virtual": "4.4.0.179.187",
            "linux-image-generic-lpae-lts-xenial": "4.4.0.179.187",
            "linux-image-powerpc64-emb-lts-wily": "4.4.0.179.187",
            "linux-image-generic-lts-utopic": "4.4.0.179.187",
            "linux-image-generic-lts-vivid": "4.4.0.179.187",
            "linux-image-4.4.0-179-powerpc64-emb": "4.4.0-179.209",
            "linux-image-powerpc64-smp-lts-utopic": "4.4.0.179.187",
            "linux-image-powerpc64-smp-lts-vivid": "4.4.0.179.187",
            "linux-image-generic-lpae-lts-utopic": "4.4.0.179.187",
            "linux-image-4.4.0-179-generic": "4.4.0-179.209",
            "linux-image-powerpc-e500mc": "4.4.0.179.187",
            "linux-image-powerpc-e500mc-lts-vivid": "4.4.0.179.187",
            "linux-image-4.4.0-179-powerpc-e500mc": "4.4.0-179.209",
            "linux-image-virtual-lts-wily": "4.4.0.179.187",
            "linux-image-lowlatency-lts-xenial": "4.4.0.179.187",
            "linux-image-generic-lpae-lts-wily": "4.4.0.179.187",
            "linux-image-lowlatency-lts-utopic": "4.4.0.179.187",
            "linux-image-powerpc64-emb-lts-xenial": "4.4.0.179.187",
            "linux-image-generic": "4.4.0.179.187",
            "linux-image-powerpc-smp": "4.4.0.179.187",
            "linux-image-generic-lts-wily": "4.4.0.179.187",
            "linux-image-generic-lpae": "4.4.0.179.187",
            "linux-image-4.4.0-179-lowlatency": "4.4.0-179.209"
        }
    ]
}

Ubuntu:16.04:LTS / linux-kvm

Package

Name
linux-kvm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1071.78

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1071-kvm": "4.4.0-1071.78",
            "linux-image-kvm": "4.4.0.1071.71"
        }
    ]
}

Ubuntu:16.04:LTS / linux-snapdragon

Package

Name
linux-snapdragon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1137.145

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-snapdragon": "4.4.0.1137.129",
            "linux-image-4.4.0-1137-snapdragon": "4.4.0-1137.145"
        }
    ]
}

Ubuntu:16.04:LTS / linux-aws

Package

Name
linux-aws

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1107.118

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1107-aws": "4.4.0-1107.118",
            "linux-image-aws": "4.4.0.1107.111"
        }
    ]
}