logo
DATABASE RESOURCES PRICING ABOUT US

Linux kernel (HWE) vulnerabilities

Description

USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884)


Affected Package


OS OS Version Package Name Package Version
Ubuntu 18.04 linux-image-5.0.0-23-generic 5.0.0-23.24~18.04.1
Ubuntu 18.04 linux-image-5.0.0-23-generic-lpae 5.0.0-23.24~18.04.1
Ubuntu 18.04 linux-image-5.0.0-23-lowlatency 5.0.0-23.24~18.04.1
Ubuntu 18.04 linux-image-generic-hwe-18.04 5.0.0.23.80
Ubuntu 18.04 linux-image-generic-lpae-hwe-18.04 5.0.0.23.80
Ubuntu 18.04 linux-image-lowlatency-hwe-18.04 5.0.0.23.80
Ubuntu 18.04 linux-image-snapdragon-hwe-18.04 5.0.0.23.80
Ubuntu 18.04 linux-image-virtual-hwe-18.04 5.0.0.23.80

Related