CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
58.1%
It was discovered that the Linux kernel did not properly clear data
structures on context switches for certain Intel graphics processors. A
local attacker could use this to expose sensitive information.
(CVE-2019-14615)
It was discovered that a race condition existed in the Virtual Video Test
Driver in the Linux kernel. An attacker with write access to /dev/video0 on
a system with the vivid module loaded could possibly use this to gain
administrative privileges. (CVE-2019-18683)
It was discovered that the btrfs file system in the Linux kernel did not
properly validate metadata, leading to a NULL pointer dereference. An
attacker could use this to specially craft a file system image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-18885)
It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex
Driver for the Linux kernel. A local attacker could possibly use this to
cause a denial of service (kernel memory exhaustion). (CVE-2019-19057)
It was discovered that the crypto subsystem in the Linux kernel did not
properly deallocate memory in certain error conditions. A local attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19062)
It was discovered that the Realtek rtlwifi USB device driver in the Linux
kernel did not properly deallocate memory in certain error conditions. A
local attacker could possibly use this to cause a denial of service (kernel
memory exhaustion). (CVE-2019-19063)
Dan Carpenter discovered that the AppleTalk networking subsystem of the
Linux kernel did not properly handle certain error conditions, leading to a
NULL pointer dereference. A local attacker could use this to cause a denial
of service (system crash). (CVE-2019-19227)
It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle ioctl requests to get emulated CPUID
features. An attacker with access to /dev/kvm could use this to cause a
denial of service (system crash). (CVE-2019-19332)
It was discovered that the B2C2 FlexCop USB device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15291)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 16.04 | noarch | linux-image-4.4.0-1065-kvm | <Ā 4.4.0-1065.72 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-buildinfo-4.4.0-1065-kvm | <Ā 4.4.0-1065.72 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-cloud-tools-4.4.0-1065-kvm | <Ā 4.4.0-1065.72 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-headers-4.4.0-1065-kvm | <Ā 4.4.0-1065.72 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-image-4.4.0-1065-kvm-dbgsym | <Ā 4.4.0-1065.72 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-cloud-tools-4.4.0-1065 | <Ā 4.4.0-1065.72 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-headers-4.4.0-1065 | <Ā 4.4.0-1065.72 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-tools-4.4.0-1065 | <Ā 4.4.0-1065.72 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-modules-4.4.0-1065-kvm | <Ā 4.4.0-1065.72 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-tools-4.4.0-1065-kvm | <Ā 4.4.0-1065.72 | UNKNOWN |
ubuntu.com/security/CVE-2019-14615
ubuntu.com/security/CVE-2019-15291
ubuntu.com/security/CVE-2019-18683
ubuntu.com/security/CVE-2019-18885
ubuntu.com/security/CVE-2019-19057
ubuntu.com/security/CVE-2019-19062
ubuntu.com/security/CVE-2019-19063
ubuntu.com/security/CVE-2019-19227
ubuntu.com/security/CVE-2019-19332
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
58.1%