Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-4147-1
HistoryOct 04, 2019 - 12:00 a.m.

Linux kernel vulnerabilities

2019-10-0400:00:00
ubuntu.com
155

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.3 High

AI Score

Confidence

High

9.4 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:N/A:C

0.019 Low

EPSS

Percentile

88.3%

JSON

Releases

  • Ubuntu 19.04
  • Ubuntu 18.04 ESM

Packages

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-gke-5.0 - Linux kernel for Google Container Engine (GKE) systems
  • linux-hwe - Linux hardware enablement (HWE) kernel
  • linux-kvm - Linux kernel for cloud environments
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors

Details

It was discovered that the Intel Wi-Fi device driver in the Linux kernel
did not properly validate certain Tunneled Direct Link Setup (TDLS). A
physically proximate attacker could use this to cause a denial of service
(Wi-Fi disconnect). (CVE-2019-0136)

It was discovered that the Bluetooth UART implementation in the Linux
kernel did not properly check for missing tty operations. A local attacker
could use this to cause a denial of service. (CVE-2019-10207)

It was discovered that the GTCO tablet input driver in the Linux kernel did
not properly bounds check the initial HID report sent by the device. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-13631)

It was discovered that an out-of-bounds read existed in the QLogic QEDI
iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly
use this to expose sensitive information (kernel memory). (CVE-2019-15090)

Hui Peng and Mathias Payer discovered that the USB audio driver for the
Linux kernel did not properly validate device meta data. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2019-15117)

Hui Peng and Mathias Payer discovered that the USB audio driver for the
Linux kernel improperly performed recursion while handling device meta
data. A physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2019-15118)

It was discovered that the Raremono AM/FM/SW radio device driver in the
Linux kernel did not properly allocate memory, leading to a use-after-free.
A physically proximate attacker could use this to cause a denial of service
or possibly execute arbitrary code. (CVE-2019-15211)

It was discovered at a double-free error existed in the USB Rio 500 device
driver for the Linux kernel. A physically proximate attacker could use this
to cause a denial of service. (CVE-2019-15212)

It was discovered that a race condition existed in the CPiA2 video4linux
device driver for the Linux kernel, leading to a use-after-free. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-15215)

It was discovered that a race condition existed in the Softmac USB Prism54
device driver in the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash). (CVE-2019-15220)

Benjamin Moody discovered that the XFS file system in the Linux kernel did
not properly handle an error condition when out of disk quota. A local
attacker could possibly use this to cause a denial of service.
(CVE-2019-15538)

It was discovered that the Hisilicon HNS3 ethernet device driver in the
Linux kernel contained an out of bounds access vulnerability. A local
attacker could use this to possibly cause a denial of service (system
crash). (CVE-2019-15925)

It was discovered that the Atheros mobile chipset driver in the Linux
kernel did not properly validate data in some situations. An attacker could
use this to cause a denial of service (system crash). (CVE-2019-15926)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered
that the Bluetooth protocol BR/EDR specification did not properly require
sufficiently strong encryption key lengths. A physically proximate attacker
could use this to expose sensitive information. (CVE-2019-9506)

It was discovered that ZR364XX Camera USB device driver for the Linux
kernel did not properly initialize memory. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2019-15217)

It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel made improper assumptions about the device characteristics. A
physically proximate attacker could use this cause a denial of service
(system crash). (CVE-2019-15218)

It was discovered that the Line 6 POD USB device driver in the Linux kernel
did not properly validate data size information from the device. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2019-15221)

It was discovered that the Line 6 USB driver for the Linux kernel contained
a race condition when the device was disconnected. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15223)

Related

openvas 15
nessus 36
debian 6
osv 5
ubuntu 3
f5 5
ibm 3
cloudfoundry 2
suse 2
prion 18
cve 18
redhatcve 18
debiancve 18
veracode 6
ubuntucve 18
virtuozzo 1
photon 2
githubexploit 2
cert 1
mscve 1
fedora 2
oraclelinux 2
redhat 5
hp 1
thn 1
cisco 1
huawei 1
symantec 1
malwarebytes 1
fortinet 1
lenovo 1
intel 1
jvn 1
openvas
openvas
Ubuntu Update for linux USN-4147-1
2019-10-05 00:00:00
Debian LTS: Security Advisory for linux-4.9 (DLA-1919-1)
2019-09-14 00:00:00
Debian LTS: Security Advisory for linux (DLA-1930-1)
2019-09-26 00:00:00
nessus
nessus
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4147-1)
2019-10-07 00:00:00
Debian DLA-1919-2 : linux-4.9 security update
2019-09-16 00:00:00
Debian DLA-1930-1 : linux security update
2019-09-26 00:00:00
debian
debian
[SECURITY] [DLA 1919-2] linux-4.9 security update
2019-09-15 17:51:06
[SECURITY] [DLA 1919-1] linux-4.9 security update
2019-09-14 00:21:38
[SECURITY] [DLA 1930-1] linux security update
2019-09-25 09:49:28
osv
osv
linux-4.9 - security update
2019-09-12 00:00:00
linux - security update
2019-09-24 00:00:00
linux - security update
2019-09-25 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2019-10-01 00:00:00
Linux kernel regression
2019-09-11 00:00:00
Linux kernel vulnerabilities
2019-09-02 00:00:00
f5
f5
Linux kernel vulnerabilities CVE-2019-15217 and CVE-2019-15221
2022-05-20 17:01:00
K32592426 : Linux kernel vulnerability CVE-2019-15538
2019-10-14 00:00:00
K16449953 : Linux parse_audio_mixer_unit kernel vulnerability CVE-2019-15117
2019-10-10 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
2020-07-13 20:37:42
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
2020-10-28 13:21:38
Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus
2020-04-01 00:35:26
cloudfoundry
cloudfoundry
USN-4115-1: Linux kernel vulnerabilities | Cloud Foundry
2019-09-30 00:00:00
USN-4115-2: Linux kernel regression | Cloud Foundry
2019-09-30 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2019-09-24 00:00:00
Security update for the Linux Kernel (important)
2019-09-25 00:00:00
prion
prion
Null pointer dereference
2019-08-19 22:15:00
Out-of-bounds
2019-09-04 21:15:00
Design/Logic Flaw
2019-08-19 22:15:00
cve
cve
CVE-2019-15223
2019-08-19 22:15:00
CVE-2019-15926
2019-09-04 21:15:00
CVE-2019-15221
2019-08-19 22:15:00
redhatcve
redhatcve
CVE-2019-15223
2020-04-01 20:23:18
CVE-2019-15220
2020-04-02 14:07:51
CVE-2019-15090
2020-03-05 19:38:49
debiancve
debiancve
CVE-2019-15223
2019-08-19 22:15:00
CVE-2019-15212
2019-08-19 22:15:00
CVE-2019-15925
2019-09-04 21:15:00
veracode
veracode
Denial Of Service (DoS)
2020-11-05 03:09:26
Denial Of Service (DoS)
2020-04-29 02:43:08
Privilege Escalation
2020-04-29 02:43:05
ubuntucve
ubuntucve
CVE-2019-15223
2019-08-19 00:00:00
CVE-2019-15925
2019-09-04 00:00:00
CVE-2019-15212
2019-08-19 00:00:00
virtuozzo
virtuozzo
Kernel security update: Virtuozzo ReadyKernel patch 98.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0, 3.5
2020-02-21 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2019-0028
2019-09-06 00:00:00
Critical Photon OS Security Update - PHSA-2019-3.0-0028
2019-09-06 00:00:00
githubexploit
githubexploit
Exploit for Use of a Broken or Risky Cryptographic Algorithm in Google Android
2019-08-15 11:54:21
Exploit for NULL Pointer Dereference in Linux Linux Kernel
2019-07-30 08:39:21
cert
cert
Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks
2019-08-14 00:00:00
mscve
mscve
Encryption Key Negotiation of Bluetooth Vulnerability
2019-08-13 07:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: kernel-headers-5.1.19-300.fc30
2019-07-26 01:01:21
[SECURITY] Fedora 29 Update: kernel-headers-5.1.20-200.fc29
2019-07-31 01:49:26
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2019-08-08 00:00:00
Unbreakable Enterprise kernel security update
2019-08-08 00:00:00
redhat
redhat
(RHSA-2019:3165) Important: kernel-rt security and bug fix update
2019-10-22 09:33:14
(RHSA-2019:3231) Important: kpatch-patch security update
2019-10-29 12:01:07
(RHSA-2019:3187) Important: kernel security and bug fix update
2019-10-23 08:34:56
hp
hp
HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerability
2019-12-04 00:00:00
thn
thn
New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections
2019-08-14 16:47:00
cisco
cisco
Key Negotiation of Bluetooth Vulnerability
2019-08-13 17:00:00
huawei
huawei
Security Advisory - Key Negotiation of Bluetooth (KNOB) Vulnerability
2019-08-28 00:00:00
symantec
symantec
Microsoft Windows Bluetooth CVE-2019-9506 Remote Security Vulnerability
2019-08-13 00:00:00
malwarebytes
malwarebytes
Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks
2019-08-21 15:56:45
fortinet
fortinet
CVE-2019-9506 Encryption Key Negotiation of Bluetooth (KNOB) Vulnerability
2020-04-23 00:00:00
lenovo
lenovo
Intel PROSet/Wireless WiFi Software Vulnerability - NL
2019-06-10 15:19:38
intel
intel
IntelĀ® PROSet/Wireless WiFi Software Advisory
2019-06-11 00:00:00
jvn
jvn
JVN#75617741: Intel Dual Band Wireless-AC 8260 vulnerable to denial-of-service (DoS)
2019-07-10 00:00:00

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.3 High

AI Score

Confidence

High

9.4 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:N/A:C

0.019 Low

EPSS

Percentile

88.3%

JSON
Related for USN-4147-1
openvas15nessus36debian6osv5ubuntu3f55ibm3cloudfoundry2suse2prion18cve18redhatcve18debiancve18veracode6ubuntucve18virtuozzo1photon2githubexploit2cert1mscve1fedora2oraclelinux2redhat5hp1thn1cisco1huawei1symantec1malwarebytes1fortinet1lenovo1intel1jvn1