Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. Various other issues were also addressed.
6816c4785b56430dc635ceb03383ffc424c8c6dc0006c08814cc9b42003fff08Ubuntu Security Notice 4068-2 - USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 for Ubuntu 16.04 LTS. Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap ranges in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
0c4bf61b72468fcd59a246b2fd84f8d7a3793a8a497b643ce532083fd7e116b5Ubuntu Security Notice 4068-1 - Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap ranges in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
02490b8df8309a7ab7a198abb51f67d20d6ceaf3205fe71ffb4771c1202d0d72Debian Linux Security Advisory 4465-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
6462989fedaf07301b47a2563bc368b80ca7dfd5c7c7901bf9c00004dffd9a54Ubuntu Security Notice 4008-3 - USN-4008-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Robert Swiecki discovered that the Linux kernel did not properly apply Address Space Layout Randomization in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. Various other issues were also addressed.
aa4cc845dcf7f973e16414a993cbab9ad894d59053308b8791cfaee4cab3ec45Ubuntu Security Notice 4008-2 - USN-4008-1 fixed multiple security issues in the Linux kernel. This update provides the corresponding changes to AppArmor policy for correctly operating under the Linux kernel with fixes for CVE-2019-11190. Without these changes, some profile transitions may be unintentionally denied due to missing mmap rules. Various other issues were also addressed.
c97fb2344b40e7ddc46912f7c9dc4ea6b5dd01aeebc0a6341cad61542a0225e0Ubuntu Security Notice 4008-1 - Robert Swiecki discovered that the Linux kernel did not properly apply Address Space Layout Randomization in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
28114e961ef2f96e74aa757e323b74943c46e58122478366b1df1d6074638d36Ubuntu Security Notice 4005-1 - It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
cb55c4f202a85e5a5c2fda3d0a1e536277b8790f7e2414658187bbd445f733ab
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed