All Vulnerability Reports

USN-4526-1: Linux kernel vulnerabilities


Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 16.04

Description

It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-18808)

It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19054)

It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19061)

It was discovered that the AMD Audio Coprocessor driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion). (CVE-2019-19067)

It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19073, CVE-2019-19074)

It was discovered that the F2FS file system in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of- bounds read. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-9445)

It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12888)

It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2020-14356)

It was discovered that the state of network RNG in the Linux kernel was potentially observable. A remote attacker could use this to expose sensitive information. (CVE-2020-16166)

CVEs contained in this USN include: CVE-2019-19061, CVE-2019-19067, CVE-2020-14356, CVE-2019-18808, CVE-2019-19054, CVE-2020-12888, CVE-2020-16166, CVE-2019-19073, CVE-2019-19074, CVE-2019-9445

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

Vulnerable Cloud Foundry components individually listed here. Impacted stemcells may be updated independently of upgrading Tanzu Application Service or Isolation Segment.

  • Isolation Segment
    • 2.7.x versions prior to 2.7.25
    • 2.8.x versions prior to 2.8.19
    • 2.9.x versions prior to 2.9.13
    • 2.10.x versions prior to 2.10.5
  • Operations Manager
    • 2.7 versions prior to 2.7.25
    • 2.8 versions prior to 2.8.15
    • 2.9 versions prior to 2.9.12
    • 2.10 versions prior to 2.10.3
  • VMware Tanzu Application Service for VMs
    • 2.7.x versions prior to 2.7.25
    • 2.8.x versions prior to 2.8.19
    • 2.9.x versions prior to 2.9.13
    • 2.10.x versions prior to 2.10.5

Mitigation

Users of affected products are strongly encouraged to follow the mitigation below. The Cloud Foundry security team recommends upgrading the affected OSS components listed here if applicable. Upgrade VMware Tanzu products that use earlier versions of CF components to new Tanzu releases using new versions linked above. On the Tanzu Network product page for each release, check the Depends On section and/or Release Notes for this information. Releases that have fixed this issue include:

  • Isolation Segment
    • 2.7.25
    • 2.8.19
    • 2.9.13
    • 2.10.5
  • Operations Manager
    • 2.7.25
    • 2.8.15
    • 2.9.12
    • 2.10.3
  • VMware Tanzu Application Service for VMs
    • 2.7.25
    • 2.8.19
    • 2.9.13
    • 2.10.5

References

History

2020-11-20: Initial vulnerability report published.