USN-4068-2: Linux kernel (HWE) vulnerabilities
First published: Tue Jul 23 2019(Updated: )
USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 for Ubuntu 16.04 LTS. Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-4.15.0-1037-gcp | <4.15.0-1037.39~16.04.1 | 4.15.0-1037.39~16.04.1 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.15.0-55-generic | <4.15.0-55.60~16.04.2 | 4.15.0-55.60~16.04.2 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.15.0-55-generic-lpae | <4.15.0-55.60~16.04.2 | 4.15.0-55.60~16.04.2 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.15.0-55-lowlatency | <4.15.0-55.60~16.04.2 | 4.15.0-55.60~16.04.2 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-gcp | <4.15.0.1037.51 | 4.15.0.1037.51 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-generic-hwe-16.04 | <4.15.0.55.76 | 4.15.0.55.76 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-generic-lpae-hwe-16.04 | <4.15.0.55.76 | 4.15.0.55.76 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-gke | <4.15.0.1037.51 | 4.15.0.1037.51 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency-hwe-16.04 | <4.15.0.55.76 | 4.15.0.55.76 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-oem | <4.15.0.55.76 | 4.15.0.55.76 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-virtual-hwe-16.04 | <4.15.0.55.76 | 4.15.0.55.76 |
| =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-11085
- https://ubuntu.com/security/CVE-2019-11815
- https://ubuntu.com/security/CVE-2019-11833
- https://ubuntu.com/security/CVE-2019-11884
- https://ubuntu.com/security/notices/USN-4118-1
- https://ubuntu.com/security/notices/USN-4068-1
- https://ubuntu.com/security/notices/USN-4008-1
- https://ubuntu.com/security/notices/USN-4008-3
- https://ubuntu.com/security/notices/USN-4005-1
- https://ubuntu.com/security/notices/USN-4076-1
- https://ubuntu.com/security/notices/USN-4069-2
- https://ubuntu.com/security/notices/USN-4095-2
- https://ubuntu.com/security/notices/USN-4069-1
- https://launchpad.net/ubuntu/+source/linux-signed-gcp/4.15.0-1037.39~16.04.1
- https://launchpad.net/ubuntu/+source/linux-signed-hwe/4.15.0-55.60~16.04.2
- https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-55.60~16.04.2
- https://launchpad.net/ubuntu/+source/linux-meta-gcp/4.15.0.1037.51
- https://launchpad.net/ubuntu/+source/linux-meta-hwe/4.15.0.55.76
- https://ubuntu.com/security/notices/USN-4068-2 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this update?
The vulnerability ID for this update is USN-4068-2.
What is the severity of USN-4068-2?
The severity of USN-4068-2 is not specified in the provided information.
What is the affected software for this vulnerability?
The affected software for this vulnerability is the Linux kernel for Ubuntu 16.04 LTS.
What is the remedy for this vulnerability?
The remedy for this vulnerability is to update the Linux kernel to the specified versions: linux-image-4.15.0-1037-gcp, linux-image-4.15.0-55-generic, linux-image-4.15.0-55-generic-lpae, linux-image-4.15.0-55-lowlatency, linux-image-gcp, linux-image-generic-hwe-16.04, linux-image-generic-lpae-hwe-16.04, linux-image-gke, linux-image-lowlatency-hwe-16.04, linux-image-oem, linux-image-virtual-hwe-16.04.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following links: [CVE-2019-11085](https://ubuntu.com/security/CVE-2019-11085), [CVE-2019-11815](https://ubuntu.com/security/CVE-2019-11815), [CVE-2019-11833](https://ubuntu.com/security/CVE-2019-11833).
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/usn
- source/Ubuntu
- anchor-related/USN-4118-1
- anchor-related/USN-4068-1
- anchor-related/USN-4008-1
- anchor-related/USN-4008-3
- anchor-related/USN-4005-1
- anchor-related/USN-4076-1
- anchor-related/USN-4069-2
- anchor-related/USN-4095-2
- anchor-related/USN-4069-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/16.04