Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4527-1.NASL
HistorySep 22, 2020 - 12:00 a.m.

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4527-1)

2020-09-2200:00:00
Ubuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
40

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8

Confidence

High

EPSS

0.014

Percentile

86.4%

JSON

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4527-1 advisory.

  • A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)

  • Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)

  • A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
    (CVE-2019-19074)

  • An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
    (CVE-2019-20811)

  • In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.
    This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9445)

  • In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9453)

  • In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID:
    A-120551147. (CVE-2020-0067)

  • A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4527-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(140724);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2019-9445",
    "CVE-2019-9453",
    "CVE-2019-19054",
    "CVE-2019-19073",
    "CVE-2019-19074",
    "CVE-2019-20811",
    "CVE-2020-0067",
    "CVE-2020-25212"
  );
  script_xref(name:"USN", value:"4527-1");

  script_name(english:"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4527-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in
the USN-4527-1 advisory.

  - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux
    kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering
    kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)

  - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow
    attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout()
    failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the
    htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)

  - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel
    through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
    (CVE-2019-19074)

  - An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and
    netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
    (CVE-2019-20811)

  - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.
    This could lead to local information disclosure with system execution privileges needed. User interaction
    is not needed for exploitation. (CVE-2019-9445)

  - In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input
    validation. This could lead to local information disclosure with system execution privileges needed. User
    interaction is not needed for exploitation. (CVE-2019-9453)

  - In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds
    check. This could lead to local information disclosure with System execution privileges needed. User
    interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID:
    A-120551147. (CVE-2020-0067)

  - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers
    to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c
    instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4527-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25212");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/09/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1080-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1114-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1139-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1143-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc-e500mc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc64-emb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc64-smp");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '16.04': {
    '4.4.0': {
      'generic': '4.4.0-190',
      'generic-lpae': '4.4.0-190',
      'lowlatency': '4.4.0-190',
      'powerpc-e500mc': '4.4.0-190',
      'powerpc-smp': '4.4.0-190',
      'powerpc64-emb': '4.4.0-190',
      'powerpc64-smp': '4.4.0-190',
      'kvm': '4.4.0-1080',
      'aws': '4.4.0-1114',
      'raspi2': '4.4.0-1139',
      'snapdragon': '4.4.0-1143'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4527-1');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2019-9445', 'CVE-2019-9453', 'CVE-2019-19054', 'CVE-2019-19073', 'CVE-2019-19074', 'CVE-2019-20811', 'CVE-2020-0067', 'CVE-2020-25212');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4527-1');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linuxlinux-image-4.4.0-1080-kvmp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1080-kvm
canonicalubuntu_linuxlinux-image-4.4.0-1114-awsp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1114-aws
canonicalubuntu_linuxlinux-image-4.4.0-1139-raspi2p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1139-raspi2
canonicalubuntu_linuxlinux-image-4.4.0-1143-snapdragonp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1143-snapdragon
canonicalubuntu_linuxlinux-image-4.4.0-190-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-generic
canonicalubuntu_linuxlinux-image-4.4.0-190-generic-lpaep-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-generic-lpae
canonicalubuntu_linuxlinux-image-4.4.0-190-lowlatencyp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-lowlatency
canonicalubuntu_linuxlinux-image-4.4.0-190-powerpc-e500mcp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc-e500mc
canonicalubuntu_linuxlinux-image-4.4.0-190-powerpc-smpp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc-smp
Rows per page:
1-10 of 121

Related

openvas 22
osv 6
ubuntu 8
cloudfoundry 3
nessus 54
nvd 8
cvelist 8
prion 8
ubuntucve 8
redhatcve 8
cve 8
debiancve 8
veracode 7
amazon 3
f5 3
cbl_mariner 1
redhat 9
centos 2
oraclelinux 10
slackware 1
photon 4
virtuozzo 2
debian 2
suse 2
symantec 1
fedora 2
ibm 1
openvas
openvas
Ubuntu: Security Advisory (USN-4527-1)
2020-09-23 00:00:00
Ubuntu: Security Advisory (USN-4526-1)
2020-09-23 00:00:00
Ubuntu: Security Advisory (USN-4525-1)
2020-09-23 00:00:00
osv
osv
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
2020-09-24 22:41:12
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2020-09-23 07:42:42
CVE-2019-19054
2019-11-18 06:15:11
ubuntu
ubuntu
Linux kernel vulnerabilities
2020-09-24 00:00:00
Linux kernel vulnerabilities
2020-09-23 00:00:00
Linux kernel vulnerabilities
2020-09-24 00:00:00
cloudfoundry
cloudfoundry
USN-4526-1: Linux kernel vulnerabilities | Cloud Foundry
2020-11-19 00:00:00
USN-4578-1: Linux kernel vulnerabilities | Cloud Foundry
2020-11-19 00:00:00
USN-4390-1: Linux kernel vulnerabilities | Cloud Foundry
2020-06-22 00:00:00
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4526-1)
2020-09-22 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4525-1)
2020-09-22 00:00:00
Amazon Linux 2 : kernel (ALAS-2020-1480)
2020-08-26 00:00:00
nvd
nvd
CVE-2019-20811
2020-06-03 03:15:10
CVE-2019-9453
2019-09-06 22:15:13
CVE-2019-19054
2019-11-18 06:15:11
cvelist
cvelist
CVE-2019-9453
2019-09-06 21:51:06
CVE-2019-19054
2019-11-18 05:23:53
CVE-2019-20811
2020-06-03 02:44:12
prion
prion
Out-of-bounds
2019-09-06 22:15:00
Design/Logic Flaw
2020-06-03 03:15:00
Memory corruption
2019-11-18 06:15:00
ubuntucve
ubuntucve
CVE-2019-9453
2019-09-06 00:00:00
CVE-2019-19054
2019-11-18 00:00:00
CVE-2019-19074
2019-11-18 00:00:00
redhatcve
redhatcve
CVE-2019-9453
2020-04-07 05:01:43
CVE-2019-20811
2020-06-11 15:56:28
CVE-2019-19073
2020-04-08 22:01:12
cve
cve
CVE-2019-9453
2019-09-06 22:15:13
CVE-2019-20811
2020-06-03 03:15:10
CVE-2019-19054
2019-11-18 06:15:11
debiancve
debiancve
CVE-2019-19054
2019-11-18 06:15:11
CVE-2019-20811
2020-06-03 03:15:10
CVE-2019-19074
2019-11-18 06:15:13
veracode
veracode
Denial Of Service (DoS)
2020-09-24 11:04:14
Information Disclosure
2020-09-21 06:29:10
Denial Of Service (DoS)
2020-05-06 03:17:05
amazon
amazon
Important: kernel
2020-08-18 20:29:00
Important: kernel
2020-08-18 20:29:00
Important: kernel
2020-09-28 20:57:00
f5
f5
K43378049 : Linux kernel vulnerability CVE-2019-19074
2020-01-22 00:00:00
K42355373 : Linux NFS kernel vulnerablity CVE-2020-25212
2021-03-01 00:00:00
K52525232 : Linux kernel vulnerability CVE-2019-20811
2021-05-18 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-25212 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
redhat
redhat
(RHSA-2020:5026) Moderate: kernel-rt security and bug fix update
2020-11-10 09:41:25
(RHSA-2020:5023) Moderate: kernel security and bug fix update
2020-11-10 09:41:13
(RHSA-2021:0526) Moderate: kernel security and bug fix update
2021-02-16 07:11:07
centos
centos
bpftool, kernel, perf, python security update
2020-11-18 18:02:50
bpftool, kernel, perf, python security update
2020-12-21 20:45:16
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2020-10-09 00:00:00
Unbreakable Enterprise kernel security update
2020-08-06 00:00:00
Unbreakable Enterprise kernel security update
2020-08-06 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2020-10-21 22:25:53
photon
photon
Important Photon OS Security Update - PHSA-2019-0046
2019-12-16 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0296
2020-11-17 00:00:00
Important Photon OS Security Update - PHSA-2019-3.0-0046
2019-12-17 00:00:00
virtuozzo
virtuozzo
Kernel security update: Virtuozzo ReadyKernel patch 116.0 for Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 2.5, 3.0, and Virtuozzo Hybrid Infrastructure 3.5
2020-09-18 00:00:00
Important kernel security update: Virtuozzo ReadyKernel patch 117.0 for Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0
2020-10-09 00:00:00
debian
debian
[SECURITY] [DLA 2420-2] linux regression update
2020-10-31 16:14:20
[SECURITY] [DLA 2420-1] linux security update
2020-10-30 14:21:51
suse
suse
Security update for the Linux Kernel (important)
2020-10-17 00:00:00
Security update for the Linux Kernel (important)
2020-10-19 00:00:00
symantec
symantec
Linux Kernel Multiple Memory Leak Denial of Service Vulnerabilities
2019-09-14 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: kernel-5.3.12-300.fc31
2019-11-27 00:25:48
[SECURITY] Fedora 31 Update: kernel-5.3.13-300.fc31
2019-12-02 01:15:11
ibm
ibm
Security Bulletin: Vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus
2021-10-06 01:30:01

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8

Confidence

High

EPSS

0.014

Percentile

86.4%

JSON
Related for UBUNTU_USN-4527-1.NASL
openvas22osv6ubuntu8cloudfoundry3nessus54nvd8cvelist8prion8ubuntucve8redhatcve8cve8debiancve8veracode7amazon3f53cbl_mariner1redhat9centos2oraclelinux10slackware1photon4virtuozzo2debian2suse2symantec1fedora2ibm1