The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4300-1 advisory.
A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. (CVE-2019-18809)
A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering i40e_setup_channel() failures, aka CID-27d461333459. (CVE-2019-19043)
A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2. (CVE-2019-19053)
A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID- db8fd2cde932. (CVE-2019-19056)
A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5. (CVE-2019-19058)
Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. (CVE-2019-19059)
A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control these failures at probe time (CVE-2019-19064)
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. (CVE-2019-19066)
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. (CVE-2019-19068)
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. (CVE-2019-3016)
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4300-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');
if (description)
{
script_id(134658);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");
script_cve_id(
"CVE-2019-18809",
"CVE-2019-19043",
"CVE-2019-19053",
"CVE-2019-19056",
"CVE-2019-19058",
"CVE-2019-19059",
"CVE-2019-19064",
"CVE-2019-19066",
"CVE-2019-19068",
"CVE-2019-3016",
"CVE-2020-2732"
);
script_xref(name:"USN", value:"4300-1");
script_name(english:"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4300-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in
the USN-4300-1 advisory.
- A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux
kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka
CID-2289adbfa559. (CVE-2019-18809)
- A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the
Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by
triggering i40e_setup_channel() failures, aka CID-27d461333459. (CVE-2019-19043)
- A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel
through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering
copy_from_iter_full() failures, aka CID-bbe692e349e2. (CVE-2019-19053)
- A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in
drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a
denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-
db8fd2cde932. (CVE-2019-19056)
- A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux
kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering
alloc_page() failures, aka CID-b4b814fec1a5. (CVE-2019-19058)
- Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in
drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow
attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or
dma_alloc_coherent() failures, aka CID-0f4f199443fa. (CVE-2019-19059)
- A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through
5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering
pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute the relevance of this
because an attacker cannot realistically control these failures at probe time (CVE-2019-19064)
- A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel
through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering
bfa_port_get_stats() failures, aka CID-0e62395da2bd. (CVE-2019-19066)
- A memory leak in the rtl8xxxu_submit_int_urb() function in
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers
to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka
CID-a2cdd07488e6. (CVE-2019-19068)
- In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory
locations from another process in the same guest. This problem is limit to the host running linux kernel
4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel
CPUs cannot be ruled out. (CVE-2019-3016)
- A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest
when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into
accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4300-1");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2732");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/07");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1014-gcp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1014-gke");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1016-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1019-raspi2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-42-generic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-42-generic-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-42-lowlatency");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
include('ksplice.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var kernel_mappings = {
'18.04': {
'5.3.0': {
'generic': '5.3.0-42',
'generic-lpae': '5.3.0-42',
'lowlatency': '5.3.0-42',
'gcp': '5.3.0-1014',
'gke': '5.3.0-1014',
'azure': '5.3.0-1016',
'raspi2': '5.3.0-1019'
}
}
};
var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);
var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
else
{
audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4300-1');
}
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
var cve_list = make_list('CVE-2019-3016', 'CVE-2019-18809', 'CVE-2019-19043', 'CVE-2019-19053', 'CVE-2019-19056', 'CVE-2019-19058', 'CVE-2019-19059', 'CVE-2019-19064', 'CVE-2019-19066', 'CVE-2019-19068', 'CVE-2020-2732');
if (ksplice_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4300-1');
}
else
{
extra = extra + ksplice_reporting_text();
}
}
if (extra) {
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : extra
);
exit(0);
}
Vendor | Product | Version | CPE |
---|---|---|---|
canonical | ubuntu_linux | linux-image-5.3.0-1014-gcp | p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1014-gcp |
canonical | ubuntu_linux | linux-image-5.3.0-1014-gke | p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1014-gke |
canonical | ubuntu_linux | linux-image-5.3.0-1016-azure | p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1016-azure |
canonical | ubuntu_linux | linux-image-5.3.0-1019-raspi2 | p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1019-raspi2 |
canonical | ubuntu_linux | linux-image-5.3.0-42-generic | p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-42-generic |
canonical | ubuntu_linux | linux-image-5.3.0-42-generic-lpae | p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-42-generic-lpae |
canonical | ubuntu_linux | linux-image-5.3.0-42-lowlatency | p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-42-lowlatency |
canonical | ubuntu_linux | 18.04 | cpe:/o:canonical:ubuntu_linux:18.04:-:lts |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18809
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19059
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19064
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19066
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2732
ubuntu.com/security/notices/USN-4300-1