USN-4135-1: Linux kernel vulnerabilities

Sep 18, 2019 12:01 pm Cyber Security 270

18 September 2019

linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.04

Ubuntu 18.04 LTS

Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software Description

linux - Linux kernel

linux-aws - Linux kernel for Amazon Web Services (AWS) systems

linux-azure - Linux kernel for Microsoft Azure Cloud systems

linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems

linux-kvm - Linux kernel for cloud environments

linux-raspi2 - Linux kernel for Raspberry Pi 2

linux-snapdragon - Linux kernel for Snapdragon processors

linux-gke-4.15 - Linux kernel for Google Container Engine (GKE) systems

linux-gke-5.0 - Linux kernel for Google Container Engine (GKE) systems

linux-hwe - Linux hardware enablement (HWE) kernel

linux-oem - Linux kernel for OEM processors

linux-oracle - Linux kernel for Oracle Cloud systems

linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems

Details

Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835)

It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15030)

It was discovered that the ..

Support the originator by clicking the read the rest link below.