USN-4094-1: Linux kernel vulnerabilities
First published: Tue Aug 13 2019(Updated: )
It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-4.15.0-1021-oracle | <4.15.0-1021.23 | 4.15.0-1021.23 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-1040-gcp | <4.15.0-1040.42 | 4.15.0-1040.42 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-1040-gke | <4.15.0-1040.42 | 4.15.0-1040.42 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-1042-kvm | <4.15.0-1042.42 | 4.15.0-1042.42 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-1043-raspi2 | <4.15.0-1043.46 | 4.15.0-1043.46 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-1050-oem | <4.15.0-1050.57 | 4.15.0-1050.57 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-1060-snapdragon | <4.15.0-1060.66 | 4.15.0-1060.66 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-58-generic | <4.15.0-58.64 | 4.15.0-58.64 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-58-generic-lpae | <4.15.0-58.64 | 4.15.0-58.64 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-58-lowlatency | <4.15.0-58.64 | 4.15.0-58.64 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-gcp | <4.15.0.1040.42 | 4.15.0.1040.42 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-generic | <4.15.0.58.60 | 4.15.0.58.60 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-generic-lpae | <4.15.0.58.60 | 4.15.0.58.60 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-gke | <4.15.0.1040.43 | 4.15.0.1040.43 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-gke-4.15 | <4.15.0.1040.43 | 4.15.0.1040.43 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-kvm | <4.15.0.1042.42 | 4.15.0.1042.42 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-lowlatency | <4.15.0.58.60 | 4.15.0.58.60 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-oem | <4.15.0.1050.54 | 4.15.0.1050.54 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-oracle | <4.15.0.1021.24 | 4.15.0.1021.24 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-raspi2 | <4.15.0.1043.41 | 4.15.0.1043.41 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-snapdragon | <4.15.0.1060.63 | 4.15.0.1060.63 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-virtual | <4.15.0.58.60 | 4.15.0.58.60 |
| Ubuntu OpenSSH Client | =18.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-1021-oracle | <4.15.0-1021.23~16.04.1 | 4.15.0-1021.23~16.04.1 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-1040-gcp | <4.15.0-1040.42~16.04.1 | 4.15.0-1040.42~16.04.1 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-58-generic | <4.15.0-58.64~16.04.1 | 4.15.0-58.64~16.04.1 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-58-generic-lpae | <4.15.0-58.64~16.04.1 | 4.15.0-58.64~16.04.1 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.15.0-58-lowlatency | <4.15.0-58.64~16.04.1 | 4.15.0-58.64~16.04.1 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/linux-image-gcp | <4.15.0.1040.54 | 4.15.0.1040.54 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/linux-image-generic-hwe-16.04 | <4.15.0.58.79 | 4.15.0.58.79 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/linux-image-generic-lpae-hwe-16.04 | <4.15.0.58.79 | 4.15.0.58.79 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/linux-image-gke | <4.15.0.1040.54 | 4.15.0.1040.54 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/linux-image-lowlatency-hwe-16.04 | <4.15.0.58.79 | 4.15.0.58.79 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/linux-image-oem | <4.15.0.58.79 | 4.15.0.58.79 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/linux-image-oracle | <4.15.0.1021.15 | 4.15.0.1021.15 |
| Ubuntu OpenSSH Client | =16.04 | |
| All of | ||
| ubuntu/linux-image-virtual-hwe-16.04 | <4.15.0.58.79 | 4.15.0.58.79 |
| Ubuntu OpenSSH Client | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2018-13053
- https://ubuntu.com/security/CVE-2018-13093
- https://ubuntu.com/security/CVE-2018-13096
- https://ubuntu.com/security/CVE-2018-13097
- https://ubuntu.com/security/CVE-2018-13098
- https://ubuntu.com/security/CVE-2018-13099
- https://ubuntu.com/security/CVE-2018-13100
- https://ubuntu.com/security/CVE-2018-14609
- https://ubuntu.com/security/CVE-2018-14610
- https://ubuntu.com/security/CVE-2018-14611
- https://ubuntu.com/security/CVE-2018-14612
- https://ubuntu.com/security/CVE-2018-14613
- https://ubuntu.com/security/CVE-2018-14614
- https://ubuntu.com/security/CVE-2018-14615
- https://ubuntu.com/security/CVE-2018-14616
- https://ubuntu.com/security/CVE-2018-14617
- https://ubuntu.com/security/CVE-2018-16862
- https://ubuntu.com/security/CVE-2018-20169
- https://ubuntu.com/security/CVE-2018-20511
- https://ubuntu.com/security/CVE-2018-20856
- https://ubuntu.com/security/CVE-2018-5383
- https://ubuntu.com/security/CVE-2019-10126
- https://ubuntu.com/security/CVE-2019-1125
- https://ubuntu.com/security/CVE-2019-12614
- https://ubuntu.com/security/CVE-2019-12818
- https://ubuntu.com/security/CVE-2019-12819
- https://ubuntu.com/security/CVE-2019-12984
- https://ubuntu.com/security/CVE-2019-13233
- https://ubuntu.com/security/CVE-2019-13272
- https://ubuntu.com/security/CVE-2019-2024
- https://ubuntu.com/security/CVE-2019-2101
- https://ubuntu.com/security/CVE-2019-3846
- https://ubuntu.com/security/notices/USN-3821-1
- https://ubuntu.com/security/notices/USN-4118-1
- https://ubuntu.com/security/notices/USN-3821-2
- https://ubuntu.com/security/notices/USN-4708-1
- https://ubuntu.com/security/notices/USN-4709-1
- https://ubuntu.com/security/notices/USN-3932-1
- https://ubuntu.com/security/notices/USN-3932-2
- https://ubuntu.com/security/notices/USN-3879-1
- https://ubuntu.com/security/notices/USN-3879-2
- https://ubuntu.com/security/notices/USN-4116-1
- https://ubuntu.com/security/notices/USN-4095-1
- https://ubuntu.com/security/notices/USN-4095-2
- https://ubuntu.com/security/notices/USN-4351-1
- https://ubuntu.com/security/notices/USN-4117-1
- https://ubuntu.com/security/notices/USN-4093-1
- https://ubuntu.com/security/notices/USN-4096-1
- https://launchpad.net/ubuntu/+source/linux-signed-oracle/4.15.0-1021.23
- https://launchpad.net/ubuntu/+source/linux-signed-gcp/4.15.0-1040.42
- https://launchpad.net/ubuntu/+source/linux-signed-gke-4.15/4.15.0-1040.42
- https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42
- https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46
- https://launchpad.net/ubuntu/+source/linux-signed-oem/4.15.0-1050.57
- https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66
- https://launchpad.net/ubuntu/+source/linux-signed/4.15.0-58.64
- https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64
- https://launchpad.net/ubuntu/+source/linux-meta-gcp/4.15.0.1040.42
- https://launchpad.net/ubuntu/+source/linux-meta/4.15.0.58.60
- https://launchpad.net/ubuntu/+source/linux-meta-gke-4.15/4.15.0.1040.43
- https://launchpad.net/ubuntu/+source/linux-meta-kvm/4.15.0.1042.42
- https://launchpad.net/ubuntu/+source/linux-meta-oem/4.15.0.1050.54
- https://launchpad.net/ubuntu/+source/linux-meta-oracle/4.15.0.1021.24
- https://launchpad.net/ubuntu/+source/linux-meta-raspi2/4.15.0.1043.41
- https://launchpad.net/ubuntu/+source/linux-meta-snapdragon/4.15.0.1060.63
- https://launchpad.net/ubuntu/+source/linux-signed-oracle/4.15.0-1021.23~16.04.1
- https://launchpad.net/ubuntu/+source/linux-signed-gcp/4.15.0-1040.42~16.04.1
- https://launchpad.net/ubuntu/+source/linux-signed-hwe/4.15.0-58.64~16.04.1
- https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1
- https://launchpad.net/ubuntu/+source/linux-meta-gcp/4.15.0.1040.54
- https://launchpad.net/ubuntu/+source/linux-meta-hwe/4.15.0.58.79
- https://launchpad.net/ubuntu/+source/linux-meta-oracle/4.15.0.1021.15
- https://ubuntu.com/security/notices/USN-4094-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
- CVE-2018-13053
- CVE-2018-13093
- CVE-2018-13096
- CVE-2018-13097
- CVE-2018-13098
- CVE-2018-13099
- CVE-2018-13100
- CVE-2018-14609
- CVE-2018-14610
- CVE-2018-14611
- CVE-2018-14612
- CVE-2018-14613
- CVE-2018-14614
- CVE-2018-14615
- CVE-2018-14616
- CVE-2018-14617
- CVE-2018-16862
- CVE-2018-20169
- CVE-2018-20511
- CVE-2018-20856
- CVE-2018-5383
- CVE-2019-10126
- CVE-2019-1125
- CVE-2019-12614
- CVE-2019-12818
- CVE-2019-12819
- CVE-2019-12984
- CVE-2019-13233
- CVE-2019-13272
- CVE-2019-2024
- CVE-2019-2101
- CVE-2019-3846
Frequently Asked Questions
What is the severity of USN-4094-1?
The severity of USN-4094-1 is classified as high due to its potential for local denial of service.
How do I fix USN-4094-1?
To fix USN-4094-1, update your Linux kernel to the recommended versions specified in the advisory.
What does USN-4094-1 affect?
USN-4094-1 affects various Linux kernel images in Ubuntu versions 16.04 and 18.04.
What caused the vulnerability in USN-4094-1?
The vulnerability in USN-4094-1 was caused by an integer overflow in the alarmtimer implementation of the Linux kernel.
Can USN-4094-1 be exploited remotely?
No, USN-4094-1 can only be exploited by local attackers who have access to the system.
- agent/weakness
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu openssh client
- version/ubuntu openssh client/18.04
- version/ubuntu openssh client/16.04