What is the vulnerability ID for these Linux kernel vulnerabilities?

The vulnerability ID for these Linux kernel vulnerabilities is CVE-2018-20836.

What is the impact of the Linux kernel vulnerability (CVE-2018-20836)?

The Linux kernel vulnerability (CVE-2018-20836) can potentially cause a denial of service (system crash) or execute arbitrary code.

Which versions of Ubuntu are affected by these Linux kernel vulnerabilities?

The Linux kernel vulnerabilities affect Ubuntu 16.04.

How can I fix the Linux kernel vulnerability (CVE-2018-20836)?

To fix the Linux kernel vulnerability (CVE-2018-20836), update your Ubuntu system to version 4.4.0-1052.59 or later.

Where can I find more information about these Linux kernel vulnerabilities?

More information about these Linux kernel vulnerabilities can be found on the Ubuntu security website.

Vulnerability/
USN-4076-1

CWE

190 362

25/7/2019

USN-4076-1: Linux kernel vulnerabilities

First published: Thu Jul 25 2019(Updated: )

It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20836) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. (CVE-2019-2054) Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503) It was discovered that an integer overflow existed in the Freescale (PowerPC) hypervisor manager in the Linux kernel. A local attacker with write access to /dev/fsl-hv could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10142)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-4.4.0-1052-kvm	<4.4.0-1052.59	4.4.0-1052.59
	=16.04
All of
ubuntu/linux-image-4.4.0-1088-aws	<4.4.0-1088.99	4.4.0-1088.99
	=16.04
All of
ubuntu/linux-image-4.4.0-1117-raspi2	<4.4.0-1117.126	4.4.0-1117.126
	=16.04
All of
ubuntu/linux-image-4.4.0-157-generic	<4.4.0-157.185	4.4.0-157.185
	=16.04
All of
ubuntu/linux-image-4.4.0-157-generic-lpae	<4.4.0-157.185	4.4.0-157.185
	=16.04
All of
ubuntu/linux-image-4.4.0-157-lowlatency	<4.4.0-157.185	4.4.0-157.185
	=16.04
All of
ubuntu/linux-image-4.4.0-157-powerpc-e500mc	<4.4.0-157.185	4.4.0-157.185
	=16.04
All of
ubuntu/linux-image-4.4.0-157-powerpc-smp	<4.4.0-157.185	4.4.0-157.185
	=16.04
All of
ubuntu/linux-image-4.4.0-157-powerpc64-emb	<4.4.0-157.185	4.4.0-157.185
	=16.04
All of
ubuntu/linux-image-4.4.0-157-powerpc64-smp	<4.4.0-157.185	4.4.0-157.185
	=16.04
All of
ubuntu/linux-image-aws	<4.4.0.1088.91	4.4.0.1088.91
	=16.04
All of
ubuntu/linux-image-generic	<4.4.0.157.165	4.4.0.157.165
	=16.04
All of
ubuntu/linux-image-generic-lpae	<4.4.0.157.165	4.4.0.157.165
	=16.04
All of
ubuntu/linux-image-kvm	<4.4.0.1052.52	4.4.0.1052.52
	=16.04
All of
ubuntu/linux-image-lowlatency	<4.4.0.157.165	4.4.0.157.165
	=16.04
All of
ubuntu/linux-image-powerpc-e500mc	<4.4.0.157.165	4.4.0.157.165
	=16.04
All of
ubuntu/linux-image-powerpc-smp	<4.4.0.157.165	4.4.0.157.165
	=16.04
All of
ubuntu/linux-image-powerpc64-emb	<4.4.0.157.165	4.4.0.157.165
	=16.04
All of
ubuntu/linux-image-powerpc64-smp	<4.4.0.157.165	4.4.0.157.165
	=16.04
All of
ubuntu/linux-image-raspi2	<4.4.0.1117.117	4.4.0.1117.117
	=16.04
All of
ubuntu/linux-image-virtual	<4.4.0.157.165	4.4.0.157.165
	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for these Linux kernel vulnerabilities?
The vulnerability ID for these Linux kernel vulnerabilities is CVE-2018-20836.
What is the impact of the Linux kernel vulnerability (CVE-2018-20836)?
The Linux kernel vulnerability (CVE-2018-20836) can potentially cause a denial of service (system crash) or execute arbitrary code.
Which versions of Ubuntu are affected by these Linux kernel vulnerabilities?
The Linux kernel vulnerabilities affect Ubuntu 16.04.
How can I fix the Linux kernel vulnerability (CVE-2018-20836)?
To fix the Linux kernel vulnerability (CVE-2018-20836), update your Ubuntu system to version 4.4.0-1052.59 or later.
Where can I find more information about these Linux kernel vulnerabilities?
More information about these Linux kernel vulnerabilities can be found on the Ubuntu security website.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
collector/usn
source/Ubuntu
anchor-related/USN-4118-1
anchor-related/USN-4068-2
anchor-related/USN-4068-1
anchor-related/USN-4069-2
anchor-related/USN-4095-2
anchor-related/USN-4069-1
anchor-related/USN-4095-1
anchor-related/USN-3980-1
anchor-related/USN-3981-1
anchor-related/USN-3981-2
anchor-related/USN-3980-2
anchor-related/USN-3979-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/16.04