Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2019-2024 Canonical, Inc. / NASL script (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4135-1.NASL
HistorySep 19, 2019 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4135-1)

2019-09-1900:00:00
Ubuntu Security Notice (C) 2019-2024 Canonical, Inc. / NASL script (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29

7.2 High

AI Score

Confidence

Low

JSON

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4135-1 advisory.

  • A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel’s vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)

  • In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users’ processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. (CVE-2019-15030)

  • In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users’ processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. (CVE-2019-15031)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4135-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(129049);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id("CVE-2019-14835", "CVE-2019-15030", "CVE-2019-15031");
  script_xref(name:"USN", value:"4135-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4135-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as
referenced in the USN-4135-1 advisory.

  - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost
    functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A
    privileged guest user able to pass descriptors with invalid length to the host when migration is underway,
    could use this flaw to increase their privileges on the host. (CVE-2019-14835)

  - In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of
    other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user
    starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector
    registers. At some point, the vector registers will be corrupted with the values from a different local
    Linux process because of a missing arch/powerpc/kernel/process.c check. (CVE-2019-15030)

  - In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of
    other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction
    (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some
    point, the vector registers will be corrupted with the values from a different local Linux process,
    because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. (CVE-2019-15031)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4135-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14835");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1025-oracle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1044-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1046-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1047-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1050-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1056-oem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1059-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1064-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-64-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-64-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-64-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1058-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1094-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1122-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1126-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-164-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-164-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-164-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-164-powerpc-e500mc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-164-powerpc-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-164-powerpc64-emb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-164-powerpc64-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1017-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1020-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-29-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-29-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-29-lowlatency");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2019-2024 Canonical, Inc. / NASL script (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '16.04': {
    '4.15.0': {
      'generic': '4.15.0-64',
      'generic-lpae': '4.15.0-64',
      'lowlatency': '4.15.0-64',
      'oracle': '4.15.0-1025',
      'gcp': '4.15.0-1044',
      'aws': '4.15.0-1050',
      'azure': '4.15.0-1059'
    },
    '4.4.0': {
      'generic': '4.4.0-164',
      'generic-lpae': '4.4.0-164',
      'lowlatency': '4.4.0-164',
      'powerpc-e500mc': '4.4.0-164',
      'powerpc-smp': '4.4.0-164',
      'powerpc64-emb': '4.4.0-164',
      'powerpc64-smp': '4.4.0-164',
      'kvm': '4.4.0-1058',
      'aws': '4.4.0-1094',
      'raspi2': '4.4.0-1122',
      'snapdragon': '4.4.0-1126'
    }
  },
  '18.04': {
    '4.15.0': {
      'generic': '4.15.0-64',
      'generic-lpae': '4.15.0-64',
      'lowlatency': '4.15.0-64',
      'oracle': '4.15.0-1025',
      'gcp': '4.15.0-1044',
      'kvm': '4.15.0-1046',
      'raspi2': '4.15.0-1047',
      'aws': '4.15.0-1050',
      'oem': '4.15.0-1056',
      'snapdragon': '4.15.0-1064'
    },
    '5.0.0': {
      'generic': '5.0.0-29',
      'generic-lpae': '5.0.0-29',
      'lowlatency': '5.0.0-29',
      'gke': '5.0.0-1017',
      'azure': '5.0.0-1020'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4135-1');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2019-14835', 'CVE-2019-15030', 'CVE-2019-15031');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4135-1');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-image-4.15.0-1025-oraclep-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1025-oracle
canonicalubuntu_linuxlinux-image-4.15.0-1044-gcpp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1044-gcp
canonicalubuntu_linuxlinux-image-4.15.0-1046-kvmp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1046-kvm
canonicalubuntu_linuxlinux-image-4.15.0-1047-raspi2p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1047-raspi2
canonicalubuntu_linuxlinux-image-4.15.0-1050-awsp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1050-aws
canonicalubuntu_linuxlinux-image-4.15.0-1056-oemp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1056-oem
canonicalubuntu_linuxlinux-image-4.15.0-1059-azurep-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1059-azure
canonicalubuntu_linuxlinux-image-4.15.0-1064-snapdragonp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1064-snapdragon
canonicalubuntu_linuxlinux-image-4.15.0-64-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-64-generic
canonicalubuntu_linuxlinux-image-4.15.0-64-generic-lpaep-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-64-generic-lpae
Rows per page:
1-10 of 291

Related

ubuntu 2
openvas 40
cloudfoundry 1
nessus 76
redhat 21
oraclelinux 9
prion 3
debiancve 3
cve 3
redhatcve 3
ubuntucve 3
centos 2
virtuozzo 3
ibm 3
huawei 1
f5 1
fedora 5
amazon 2
debian 4
mageia 3
osv 3
suse 2
photon 5
slackware 1
ubuntu
ubuntu
Linux kernel vulnerabilities
2019-09-18 00:00:00
Linux kernel vulnerabilities
2019-09-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4135-2)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-4135-1)
2019-09-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2613-1)
2021-04-19 00:00:00
cloudfoundry
cloudfoundry
USN-4135-1: Linux kernel vulnerabilities | Cloud Foundry
2019-09-30 00:00:00
nessus
nessus
RHEL 8 : kernel (RHSA-2020:1372)
2020-08-07 00:00:00
Oracle Linux 8 : kernel (ELSA-2020-1372)
2020-04-10 00:00:00
CentOS 8 : kernel (CESA-2020:1372)
2021-02-01 00:00:00
redhat
redhat
(RHSA-2020:1372) Moderate: kernel security and bug fix update
2020-04-07 10:57:14
(RHSA-2019:2924) Important: redhat-virtualization-host security update
2019-09-27 12:48:43
(RHSA-2019:2865) Important: kpatch-patch security update
2019-09-23 10:28:49
oraclelinux
oraclelinux
kernel security and bug fix update
2020-04-09 00:00:00
Unbreakable Enterprise kernel security update
2019-09-17 00:00:00
kernel security update
2019-09-20 00:00:00
prion
prion
Code injection
2019-09-13 13:15:00
Design/Logic Flaw
2019-09-13 13:15:00
Buffer overflow
2019-09-17 16:15:00
debiancve
debiancve
CVE-2019-15030
2019-09-13 13:15:00
CVE-2019-15031
2019-09-13 13:15:00
CVE-2019-14835
2019-09-17 16:15:00
cve
cve
CVE-2019-15031
2019-09-13 13:15:00
CVE-2019-15030
2019-09-13 13:15:00
CVE-2019-14835
2019-09-17 16:15:00
redhatcve
redhatcve
CVE-2019-15031
2020-02-02 14:38:28
CVE-2019-15030
2020-03-29 20:08:23
CVE-2019-14835
2020-03-29 07:56:55
ubuntucve
ubuntucve
CVE-2019-15031
2019-09-09 00:00:00
CVE-2019-15030
2019-09-09 00:00:00
CVE-2019-14835
2019-09-17 00:00:00
centos
centos
kernel, perf, python security update
2019-09-27 12:17:17
bpftool, kernel, perf, python security update
2019-10-02 16:02:22
virtuozzo
virtuozzo
Important kernel security update: Virtuozzo ReadyKernel patch 87.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0
2019-09-23 00:00:00
Important kernel security update: New kernel 2.6.32-042stab141.3; Virtuozzo 6.0 Update 12 Hotfix 48 (6.0.12-3753)
2019-11-21 00:00:00
Important kernel security update: New kernel 2.6.32-042stab141.3 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2019-11-21 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in Linux Kernel affects IBM Netezza Host Management
2019-11-07 12:14:49
Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability
2020-10-07 16:19:33
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze
2020-07-24 21:16:35
huawei
huawei
Security Advisory - Buffer Overflow Vulnerability in QEMU-KVM
2020-01-15 00:00:00
f5
f5
K57536416 : Kernel vulnerability CVE-2019-14835
2020-10-19 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: kernel-headers-5.2.15-200.fc30
2019-09-19 01:34:38
[SECURITY] Fedora 29 Update: kernel-headers-5.2.17-100.fc29
2019-10-02 01:42:27
[SECURITY] Fedora 29 Update: kernel-tools-5.2.17-100.fc29
2019-10-02 01:42:27
amazon
amazon
Important: kernel
2019-09-25 23:01:00
Important: kernel
2019-09-25 22:59:00
debian
debian
[SECURITY] [DLA 1940-1] linux-4.9 security update
2019-10-01 13:56:02
[SECURITY] [DSA 4531-1] linux security update
2019-09-25 04:04:13
[SECURITY] [DSA 4531-1] linux security update
2019-09-25 04:04:13
mageia
mageia
Updated kernel packages fix security vulnerabilities
2019-09-21 19:04:55
Updated kernel packages fix security vulnerabilities
2019-09-21 19:04:55
Updated kernel-linus packages fix security vulnerabilities
2019-11-20 00:16:53
osv
osv
linux - security update
2019-09-25 00:00:00
linux-4.9 - security update
2019-09-30 00:00:00
linux - security update
2019-09-24 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2019-09-24 00:00:00
Security update for the Linux Kernel (important)
2019-09-25 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0252
2019-10-01 00:00:00
Important Photon OS Security Update - PHSA-2019-0252
2019-10-01 00:00:00
Critical Photon OS Security Update - PHSA-2019-0178
2019-09-23 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2019-11-07 22:31:40

7.2 High

AI Score

Confidence

Low

JSON
Related for UBUNTU_USN-4135-1.NASL
ubuntu2openvas40cloudfoundry1nessus76redhat21oraclelinux9prion3debiancve3cve3redhatcve3ubuntucve3centos2virtuozzo3ibm3huawei1f51fedora5amazon2debian4mageia3osv3suse2photon5slackware1