Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4301-1.NASL
HistoryMar 18, 2020 - 12:00 a.m.

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4301-1)

2020-03-1800:00:00
Ubuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
51

7 High

AI Score

Confidence

Low

JSON

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4301-1 advisory.

  • A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2. (CVE-2019-19053)

  • A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID- db8fd2cde932. (CVE-2019-19056)

  • A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5. (CVE-2019-19058)

  • Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. (CVE-2019-19059)

  • A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. (CVE-2019-19066)

  • A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. (CVE-2019-19068)

  • In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. (CVE-2019-3016)

  • A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4301-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(134659);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2019-19053",
    "CVE-2019-19056",
    "CVE-2019-19058",
    "CVE-2019-19059",
    "CVE-2019-19066",
    "CVE-2019-19068",
    "CVE-2019-3016",
    "CVE-2020-2732"
  );
  script_xref(name:"USN", value:"4301-1");

  script_name(english:"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4301-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in
the USN-4301-1 advisory.

  - A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel
    through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering
    copy_from_iter_full() failures, aka CID-bbe692e349e2. (CVE-2019-19053)

  - A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in
    drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a
    denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-
    db8fd2cde932. (CVE-2019-19056)

  - A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux
    kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering
    alloc_page() failures, aka CID-b4b814fec1a5. (CVE-2019-19058)

  - Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in
    drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow
    attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or
    dma_alloc_coherent() failures, aka CID-0f4f199443fa. (CVE-2019-19059)

  - A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel
    through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering
    bfa_port_get_stats() failures, aka CID-0e62395da2bd. (CVE-2019-19066)

  - A memory leak in the rtl8xxxu_submit_int_urb() function in
    drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers
    to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka
    CID-a2cdd07488e6. (CVE-2019-19068)

  - In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory
    locations from another process in the same guest. This problem is limit to the host running linux kernel
    4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel
    CPUs cannot be ruled out. (CVE-2019-3016)

  - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest
    when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into
    accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4301-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2732");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/03/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1013-oracle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1027-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1032-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1033-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1035-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1043-oem-osp1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '18.04': {
    '5.0.0': {
      'oracle': '5.0.0-1013',
      'aws': '5.0.0-1027',
      'gke': '5.0.0-1032',
      'gcp': '5.0.0-1033',
      'azure': '5.0.0-1035',
      'oem-osp1': '5.0.0-1043'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4301-1');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2019-3016', 'CVE-2019-19053', 'CVE-2019-19056', 'CVE-2019-19058', 'CVE-2019-19059', 'CVE-2019-19066', 'CVE-2019-19068', 'CVE-2020-2732');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4301-1');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-image-5.0.0-1013-oraclep-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1013-oracle
canonicalubuntu_linuxlinux-image-5.0.0-1027-awsp-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1027-aws
canonicalubuntu_linuxlinux-image-5.0.0-1032-gkep-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1032-gke
canonicalubuntu_linuxlinux-image-5.0.0-1033-gcpp-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1033-gcp
canonicalubuntu_linuxlinux-image-5.0.0-1035-azurep-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1035-azure
canonicalubuntu_linuxlinux-image-5.0.0-1043-oem-osp1p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1043-oem-osp1
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts

Related

ubuntu 8
openvas 41
nessus 41
cloudfoundry 1
redhatcve 8
f5 7
osv 3
debiancve 8
cve 8
ubuntucve 8
prion 8
veracode 6
photon 8
symantec 1
cbl_mariner 2
oraclelinux 10
mageia 4
fedora 15
archlinux 1
redhat 4
slackware 1
amazon 3
debian 2
suse 1
ubuntu
ubuntu
Linux kernel vulnerabilities
2020-03-25 00:00:00
Linux kernel vulnerabilities
2020-03-25 00:00:00
Linux kernel vulnerabilities
2020-03-25 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4301-1)
2020-03-17 00:00:00
Ubuntu: Security Advisory (USN-4300-1)
2020-03-17 00:00:00
Ubuntu: Security Advisory (USN-4302-1)
2020-03-17 00:00:00
nessus
nessus
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4300-1)
2020-03-18 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4302-1)
2020-03-18 00:00:00
Photon OS 3.0: Linux PHSA-2020-3.0-0052
2020-01-28 00:00:00
cloudfoundry
cloudfoundry
USN-4302-1: Linux kernel vulnerabilities | Cloud Foundry
2020-04-23 00:00:00
redhatcve
redhatcve
CVE-2019-19053
2019-11-21 12:07:30
CVE-2019-19068
2019-11-21 11:07:58
CVE-2019-19059
2019-11-21 11:37:57
f5
f5
K12357206 : Linux kernel rpmsg vulnerability CVE-2019-19053
2020-02-18 00:00:00
K53634325 : Linux kernel vulnerability CVE-2019-19068
2020-01-23 00:00:00
K06554372 : Linux kernel vulnerability CVE-2019-19059
2020-05-20 00:00:00
osv
osv
CVE-2019-19053
2019-11-18 06:15:11
linux - security update
2020-04-28 00:00:00
linux - security update
2020-06-09 00:00:00
debiancve
debiancve
CVE-2019-19053
2019-11-18 06:15:00
CVE-2019-19068
2019-11-18 06:15:00
CVE-2019-19066
2019-11-18 06:15:00
cve
cve
CVE-2019-19053
2019-11-18 06:15:00
CVE-2019-19068
2019-11-18 06:15:00
CVE-2019-19056
2019-11-18 06:15:00
ubuntucve
ubuntucve
CVE-2019-19053
2019-11-18 00:00:00
CVE-2019-19068
2019-11-18 00:00:00
CVE-2019-19056
2019-11-18 00:00:00
prion
prion
Memory corruption
2019-11-18 06:15:00
Memory corruption
2019-11-18 06:15:00
Memory corruption
2019-11-18 06:15:00
veracode
veracode
Denial Of Service (DoS)
2020-11-05 03:09:37
Denial Of Service(DoS)
2020-11-05 03:09:33
Denial Of Service (DoS)
2020-05-06 03:16:59
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0262
2019-12-15 00:00:00
Moderate Photon OS Security Update - PHSA-2019-0262
2019-12-15 00:00:00
Critical Photon OS Security Update - PHSA-2020-0052
2020-01-24 00:00:00
symantec
symantec
Linux Kernel Multiple Memory Leak Denial of Service Vulnerabilities
2019-09-14 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-3016 affecting package kernel 5.10.189.1-1
2021-09-09 15:03:26
CVE-2019-3016 affecting package kernel 5.15.153.1-2
2022-04-09 06:52:47
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2020-02-24 00:00:00
Unbreakable Enterprise kernel security update
2020-02-24 00:00:00
Unbreakable Enterprise kernel security update
2020-02-24 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerability
2020-02-29 16:42:35
Updated kernel packages fix security vulnerabilities
2020-02-04 14:07:12
Updated kernel-linus packages fix security vulnerabilities
2020-02-18 17:05:53
fedora
fedora
[SECURITY] Fedora 31 Update: kernel-5.3.12-300.fc31
2019-11-27 00:25:48
[SECURITY] Fedora 31 Update: kernel-5.3.13-300.fc31
2019-12-02 01:15:11
[SECURITY] Fedora 31 Update: kernel-5.5.7-200.fc31
2020-03-02 19:06:16
archlinux
archlinux
[ASA-202003-6] linux: multiple issues
2020-03-08 00:00:00
redhat
redhat
(RHSA-2020:2171) Important: kernel-rt security and bug fix update
2020-05-14 18:45:25
(RHSA-2020:2102) Important: kernel security and bug fix update
2020-05-12 13:42:43
(RHSA-2020:3016) Important: kernel-rt security and bug fix update
2020-07-21 11:15:46
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2020-03-26 23:13:28
amazon
amazon
Important: kernel
2020-03-23 16:25:00
Important: kernel
2020-03-23 16:25:00
Medium: kernel
2020-04-20 19:25:00
debian
debian
[SECURITY] [DSA 4667-1] linux security update
2020-04-28 20:33:13
[SECURITY] [DSA 4667-1] linux security update
2020-04-28 20:33:13
suse
suse
Security update for the Linux Kernel (important)
2019-12-12 00:00:00

7 High

AI Score

Confidence

Low

JSON
Related for UBUNTU_USN-4301-1.NASL
ubuntu8openvas41nessus41cloudfoundry1redhatcve8f57osv3debiancve8cve8ubuntucve8prion8veracode6photon8symantec1cbl_mariner2oraclelinux10mageia4fedora15archlinux1redhat4slackware1amazon3debian2suse1