What is the severity of USN-4161-1?

The severity of USN-4161-1 is classified as high due to the potential for a denial of service or arbitrary code execution.

How do I fix USN-4161-1?

To fix USN-4161-1, update the Linux kernel to the specified remedial versions, such as linux-image-5.3.0-19-lowlatency 5.3.0-19.20.

Who is affected by USN-4161-1?

Users of Ubuntu 19.10 with specific Linux kernel versions are affected by USN-4161-1.

What type of vulnerability is reported in USN-4161-1?

USN-4161-1 reports a use-after-free vulnerability in the IPv6 routing implementation of the Linux kernel.

Can USN-4161-1 be exploited remotely?

USN-4161-1 cannot be exploited remotely as it requires local access to the system.

Vulnerability/
USN-4161-1

CWE

416

21/10/2019

USN-4161-1: Linux kernel vulnerability

First published: Mon Oct 21 2019(Updated: )

It was discovered that the IPv6 routing implementation in the Linux kernel contained a reference counting error leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-5.3.0-19-lowlatency	<5.3.0-19.20	5.3.0-19.20
Ubuntu	=19.10
All of
ubuntu/linux-image-5.3.0-1005-gcp	<5.3.0-1005.5	5.3.0-1005.5
Ubuntu	=19.10
All of
ubuntu/linux-image-5.3.0-1004-kvm	<5.3.0-1004.4	5.3.0-1004.4
Ubuntu	=19.10
All of
ubuntu/linux-image-gke	<5.3.0.1005.5	5.3.0.1005.5
Ubuntu	=19.10
All of
ubuntu/linux-image-5.3.0-19-snapdragon	<5.3.0-19.20	5.3.0-19.20
Ubuntu	=19.10
All of
ubuntu/linux-image-generic	<5.3.0.19.22	5.3.0.19.22
Ubuntu	=19.10
All of
ubuntu/linux-image-5.3.0-1008-raspi2	<5.3.0-1008.9	5.3.0-1008.9
Ubuntu	=19.10
All of
ubuntu/linux-image-gcp	<5.3.0.1005.5	5.3.0.1005.5
Ubuntu	=19.10
All of
ubuntu/linux-image-5.3.0-1004-aws	<5.3.0-1004.4	5.3.0-1004.4
Ubuntu	=19.10
All of
ubuntu/linux-image-5.3.0-1004-azure	<5.3.0-1004.4	5.3.0-1004.4
Ubuntu	=19.10
All of
ubuntu/linux-image-5.3.0-19-generic	<5.3.0-19.20	5.3.0-19.20
Ubuntu	=19.10
All of
ubuntu/linux-image-virtual	<5.3.0.19.22	5.3.0.19.22
Ubuntu	=19.10
All of
ubuntu/linux-image-5.3.0-19-generic-lpae	<5.3.0-19.20	5.3.0-19.20
Ubuntu	=19.10
All of
ubuntu/linux-image-generic-lpae	<5.3.0.19.22	5.3.0.19.22
Ubuntu	=19.10
All of
ubuntu/linux-image-snapdragon	<5.3.0.19.22	5.3.0.19.22
Ubuntu	=19.10
All of
ubuntu/linux-image-aws	<5.3.0.1004.5	5.3.0.1004.5
Ubuntu	=19.10
All of
ubuntu/linux-image-kvm	<5.3.0.1004.4	5.3.0.1004.4
Ubuntu	=19.10
All of
ubuntu/linux-image-azure	<5.3.0.1004.21	5.3.0.1004.21
Ubuntu	=19.10
All of
ubuntu/linux-image-lowlatency	<5.3.0.19.22	5.3.0.19.22
Ubuntu	=19.10
All of
ubuntu/linux-image-raspi2	<5.3.0.1008.4	5.3.0.1008.4
Ubuntu	=19.10

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2019-18198

Frequently Asked Questions

What is the severity of USN-4161-1?
The severity of USN-4161-1 is classified as high due to the potential for a denial of service or arbitrary code execution.
How do I fix USN-4161-1?
To fix USN-4161-1, update the Linux kernel to the specified remedial versions, such as linux-image-5.3.0-19-lowlatency 5.3.0-19.20.
Who is affected by USN-4161-1?
Users of Ubuntu 19.10 with specific Linux kernel versions are affected by USN-4161-1.
What type of vulnerability is reported in USN-4161-1?
USN-4161-1 reports a use-after-free vulnerability in the IPv6 routing implementation of the Linux kernel.
Can USN-4161-1 be exploited remotely?
USN-4161-1 cannot be exploited remotely as it requires local access to the system.

agent/severity
agent/type
agent/references
agent/last-modified-date
agent/first-publish-date
agent/event
agent/description
agent/title
agent/weakness
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu
version/ubuntu/19.10