Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4526-1.NASL
HistorySep 22, 2020 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4526-1)

2020-09-2200:00:00
Ubuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
111

7.3 High

AI Score

Confidence

High

JSON

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4526-1 advisory.

  • A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.
    (CVE-2019-18808)

  • A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)

  • A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. (CVE-2019-19061)

  • Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading (CVE-2019-19067)

  • Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)

  • A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
    (CVE-2019-19074)

  • In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.
    This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9445)

  • The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. (CVE-2020-12888)

  • A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2020-14356)

  • The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. (CVE-2020-16166)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4526-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(140722);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2019-9445",
    "CVE-2019-18808",
    "CVE-2019-19054",
    "CVE-2019-19061",
    "CVE-2019-19067",
    "CVE-2019-19073",
    "CVE-2019-19074",
    "CVE-2020-12888",
    "CVE-2020-14356",
    "CVE-2020-16166"
  );
  script_xref(name:"USN", value:"4526-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4526-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as
referenced in the USN-4526-1 advisory.

  - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel
    through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.
    (CVE-2019-18808)

  - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux
    kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering
    kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)

  - A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux
    kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka
    CID-9c0530e898f3. (CVE-2019-19061)

  - Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux
    kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering
    mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties
    dispute the relevance of this because the attacker must already have privileges for module loading
    (CVE-2019-19067)

  - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow
    attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout()
    failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the
    htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)

  - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel
    through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
    (CVE-2019-19074)

  - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.
    This could lead to local information disclosure with system execution privileges needed. User interaction
    is not needed for exploitation. (CVE-2019-9445)

  - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory
    space. (CVE-2020-12888)

  - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found
    in the way when reboot the system. A local user could use this flaw to crash the system or escalate their
    privileges on the system. (CVE-2020-14356)

  - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive
    information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to
    drivers/char/random.c and kernel/time/timer.c. (CVE-2020-16166)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4526-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14356");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/09/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1054-oracle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1070-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1071-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1075-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1083-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1084-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1087-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1096-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1097-oem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-118-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-118-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-118-lowlatency");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '16.04': {
    '4.15.0': {
      'generic': '4.15.0-118',
      'generic-lpae': '4.15.0-118',
      'lowlatency': '4.15.0-118',
      'oracle': '4.15.0-1054',
      'aws': '4.15.0-1083',
      'gcp': '4.15.0-1084',
      'azure': '4.15.0-1096'
    }
  },
  '18.04': {
    '4.15.0': {
      'generic': '4.15.0-118',
      'generic-lpae': '4.15.0-118',
      'lowlatency': '4.15.0-118',
      'oracle': '4.15.0-1054',
      'gke': '4.15.0-1070',
      'raspi2': '4.15.0-1071',
      'kvm': '4.15.0-1075',
      'aws': '4.15.0-1083',
      'gcp': '4.15.0-1084',
      'snapdragon': '4.15.0-1087',
      'azure': '4.15.0-1096',
      'oem': '4.15.0-1097'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4526-1');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2019-9445', 'CVE-2019-18808', 'CVE-2019-19054', 'CVE-2019-19061', 'CVE-2019-19067', 'CVE-2019-19073', 'CVE-2019-19074', 'CVE-2020-12888', 'CVE-2020-14356', 'CVE-2020-16166');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4526-1');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linuxlinux-image-4.15.0-1054-oraclep-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1054-oracle
canonicalubuntu_linuxlinux-image-4.15.0-1070-gkep-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1070-gke
canonicalubuntu_linuxlinux-image-4.15.0-1071-raspi2p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1071-raspi2
canonicalubuntu_linuxlinux-image-4.15.0-1075-kvmp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1075-kvm
canonicalubuntu_linuxlinux-image-4.15.0-1083-awsp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1083-aws
canonicalubuntu_linuxlinux-image-4.15.0-1084-gcpp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1084-gcp
canonicalubuntu_linuxlinux-image-4.15.0-1087-snapdragonp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1087-snapdragon
canonicalubuntu_linuxlinux-image-4.15.0-1096-azurep-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1096-azure
Rows per page:
1-10 of 141

Related

osv 8
ubuntu 4
openvas 22
cloudfoundry 1
nessus 49
amazon 1
oraclelinux 7
veracode 10
ubuntucve 13
cve 13
debiancve 13
prion 13
redhatcve 13
fedora 4
redhat 9
f5 3
cbl_mariner 3
photon 6
ibm 2
debian 2
suse 1
slackware 1
centos 1
osv
osv
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2020-09-23 07:42:42
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
2020-09-24 03:59:06
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
2020-09-24 22:41:12
ubuntu
ubuntu
Linux kernel vulnerabilities
2020-09-23 00:00:00
Linux kernel vulnerabilities
2020-09-24 00:00:00
Linux kernel vulnerabilities
2020-09-24 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4526-1)
2020-09-23 00:00:00
Ubuntu: Security Advisory (USN-4525-1)
2020-09-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1859)
2020-08-31 00:00:00
cloudfoundry
cloudfoundry
USN-4526-1: Linux kernel vulnerabilities | Cloud Foundry
2020-11-19 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4525-1)
2020-09-22 00:00:00
EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1859)
2020-08-28 00:00:00
Amazon Linux 2 : kernel (ALAS-2020-1480)
2020-08-26 00:00:00
amazon
amazon
Important: kernel
2020-08-18 20:29:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2020-08-06 00:00:00
Unbreakable Enterprise kernel security update
2020-08-10 00:00:00
Unbreakable Enterprise kernel security update
2020-08-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:24:28
Denial Of Service (DoS)
2020-05-06 03:17:02
Denial Of Service (DoS)
2020-05-06 03:17:03
ubuntucve
ubuntucve
CVE-2019-19061
2019-11-18 00:00:00
CVE-2019-19067
2019-11-18 00:00:00
CVE-2019-19073
2019-11-18 00:00:00
cve
cve
CVE-2019-19061
2019-11-18 06:15:00
CVE-2019-19067
2019-11-18 06:15:00
CVE-2019-19054
2019-11-18 06:15:00
debiancve
debiancve
CVE-2019-19061
2019-11-18 06:15:00
CVE-2019-19067
2019-11-18 06:15:00
CVE-2019-19054
2019-11-18 06:15:00
prion
prion
Design/Logic Flaw
2019-11-18 06:15:00
Memory corruption
2019-11-18 06:15:00
Memory corruption
2019-11-18 06:15:00
redhatcve
redhatcve
CVE-2019-19067
2019-11-21 11:07:39
CVE-2019-19061
2019-11-21 11:38:04
CVE-2020-12888
2020-05-15 18:25:34
fedora
fedora
[SECURITY] Fedora 32 Update: kernel-5.6.14-300.fc32
2020-05-25 02:48:16
[SECURITY] Fedora 32 Update: kernel-5.7.14-200.fc32
2020-08-11 14:11:58
[SECURITY] Fedora 31 Update: kernel-5.7.15-100.fc31
2020-08-18 01:24:02
redhat
redhat
(RHSA-2020:5473) Moderate: kernel security and bug fix update
2020-12-15 15:55:19
(RHSA-2020:5418) Moderate: kernel security and bug fix update
2020-12-15 08:07:48
(RHSA-2020:5506) Moderate: kernel-rt security and bug fix update
2020-12-15 16:06:03
f5
f5
K43378049 : Linux kernel vulnerability CVE-2019-19074
2020-01-22 00:00:00
K01051400 : Linux kernel vulnerability CVE-2020-14356
2021-01-19 00:00:00
Linux kernel vulnerability CVE-2019-18808
2022-05-20 17:59:00
cbl_mariner
cbl_mariner
CVE-2020-16166 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
CVE-2020-12888 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
CVE-2020-14356 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0314
2020-08-19 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0283
2020-09-14 00:00:00
Important Photon OS Security Update - PHSA-2020-0127
2020-08-18 00:00:00
ibm
ibm
Security Bulletin: This Power System update is being released to address CVE 2020-16166
2021-12-02 22:54:23
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
2021-05-19 09:52:24
debian
debian
[SECURITY] [DLA 2420-2] linux regression update
2020-10-31 16:14:20
[SECURITY] [DLA 2420-1] linux security update
2020-10-30 14:21:51
suse
suse
Security update for the Linux Kernel (important)
2020-08-21 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2020-10-21 22:25:53
centos
centos
bpftool, kernel, perf, python security update
2020-06-23 19:56:05

7.3 High

AI Score

Confidence

High

JSON
Related for UBUNTU_USN-4526-1.NASL
osv8ubuntu4openvas22cloudfoundry1nessus49amazon1oraclelinux7veracode10ubuntucve13cve13debiancve13prion13redhatcve13fedora4redhat9f53cbl_mariner3photon6ibm2debian2suse1slackware1centos1