Lucene search

UbuntuUSN-4006-2

HistoryJun 04, 2019 - 12:00 a.m.

Linux kernel (HWE) vulnerability

2019-06-0400:00:00

ubuntu.com

2.5 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Releases

Ubuntu 18.04 ESM

Packages

linux-hwe - Linux hardware enablement (HWE) kernel

Details

USN-4006-1 fixed a vulnerability in the Linux kernel for Ubuntu 18.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS.

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.

As a hardening measure, this update disables a.out support.

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchlinux-image-4.18.0-21-generic< 4.18.0-21.22~18.04.1UNKNOWN
Ubuntu18.04noarchkernel-signed-image-4.18.0-21-generic-di< 4.18.0-21.22~18.04.1UNKNOWN
Ubuntu18.04noarchlinux-image-4.18.0-21-generic-dbgsym< 4.18.0-21.22~18.04.1UNKNOWN
Ubuntu18.04noarchlinux-image-4.18.0-21-lowlatency< 4.18.0-21.22~18.04.1UNKNOWN
Ubuntu18.04noarchlinux-image-4.18.0-21-lowlatency-dbgsym< 4.18.0-21.22~18.04.1UNKNOWN
Ubuntu18.04noarchlinux-image-4.18.0-21-generic-lpae< 4.18.0-21.22~18.04.1UNKNOWN
Ubuntu18.04noarchblock-modules-4.18.0-21-generic-di< 4.18.0-21.22~18.04.1UNKNOWN
Ubuntu18.04noarchcrypto-modules-4.18.0-21-generic-di< 4.18.0-21.22~18.04.1UNKNOWN
Ubuntu18.04noarchfat-modules-4.18.0-21-generic-di< 4.18.0-21.22~18.04.1UNKNOWN
Ubuntu18.04noarchfb-modules-4.18.0-21-generic-di< 4.18.0-21.22~18.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	18.04	noarch	linux-image-4.18.0-21-generic	< 4.18.0-21.22~18.04.1	UNKNOWN
Ubuntu	18.04	noarch	kernel-signed-image-4.18.0-21-generic-di	< 4.18.0-21.22~18.04.1	UNKNOWN
Ubuntu	18.04	noarch	linux-image-4.18.0-21-generic-dbgsym	< 4.18.0-21.22~18.04.1	UNKNOWN
Ubuntu	18.04	noarch	linux-image-4.18.0-21-lowlatency	< 4.18.0-21.22~18.04.1	UNKNOWN
Ubuntu	18.04	noarch	linux-image-4.18.0-21-lowlatency-dbgsym	< 4.18.0-21.22~18.04.1	UNKNOWN
Ubuntu	18.04	noarch	linux-image-4.18.0-21-generic-lpae	< 4.18.0-21.22~18.04.1	UNKNOWN
Ubuntu	18.04	noarch	block-modules-4.18.0-21-generic-di	< 4.18.0-21.22~18.04.1	UNKNOWN
Ubuntu	18.04	noarch	crypto-modules-4.18.0-21-generic-di	< 4.18.0-21.22~18.04.1	UNKNOWN
Ubuntu	18.04	noarch	fat-modules-4.18.0-21-generic-di	< 4.18.0-21.22~18.04.1	UNKNOWN
Ubuntu	18.04	noarch	fb-modules-4.18.0-21-generic-di	< 4.18.0-21.22~18.04.1	UNKNOWN