USN-4346-1: Linux kernel vulnerabilities
First published: Wed Apr 29 2020(Updated: )
It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234) Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-19768) It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-4.4.0-1070-kvm | <4.4.0-1070.77 | 4.4.0-1070.77 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-1106-aws | <4.4.0-1106.117 | 4.4.0-1106.117 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-1132-raspi2 | <4.4.0-1132.141 | 4.4.0-1132.141 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-1136-snapdragon | <4.4.0-1136.144 | 4.4.0-1136.144 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-178-generic | <4.4.0-178.208 | 4.4.0-178.208 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-178-generic-lpae | <4.4.0-178.208 | 4.4.0-178.208 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-178-lowlatency | <4.4.0-178.208 | 4.4.0-178.208 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-178-powerpc-e500mc | <4.4.0-178.208 | 4.4.0-178.208 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-178-powerpc-smp | <4.4.0-178.208 | 4.4.0-178.208 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-178-powerpc64-emb | <4.4.0-178.208 | 4.4.0-178.208 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-178-powerpc64-smp | <4.4.0-178.208 | 4.4.0-178.208 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-aws | <4.4.0.1106.110 | 4.4.0.1106.110 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-generic | <4.4.0.178.186 | 4.4.0.178.186 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-generic-lpae | <4.4.0.178.186 | 4.4.0.178.186 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-kvm | <4.4.0.1070.70 | 4.4.0.1070.70 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-lowlatency | <4.4.0.178.186 | 4.4.0.178.186 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-powerpc-e500mc | <4.4.0.178.186 | 4.4.0.178.186 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-powerpc-smp | <4.4.0.178.186 | 4.4.0.178.186 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-powerpc64-emb | <4.4.0.178.186 | 4.4.0.178.186 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-powerpc64-smp | <4.4.0.178.186 | 4.4.0.178.186 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-raspi2 | <4.4.0.1132.132 | 4.4.0.1132.132 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-snapdragon | <4.4.0.1136.128 | 4.4.0.1136.128 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-virtual | <4.4.0.178.186 | 4.4.0.178.186 |
| Ubuntu Linux | =16.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-1066-aws | <4.4.0-1066.70 | 4.4.0-1066.70 |
| Ubuntu Linux | =14.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-178-generic | <4.4.0-178.208~14.04.1 | 4.4.0-178.208~14.04.1 |
| Ubuntu Linux | =14.04 | |
| All of | ||
| ubuntu/linux-image-4.4.0-178-lowlatency | <4.4.0-178.208~14.04.1 | 4.4.0-178.208~14.04.1 |
| Ubuntu Linux | =14.04 | |
| All of | ||
| ubuntu/linux-image-aws | <4.4.0.1066.67 | 4.4.0.1066.67 |
| Ubuntu Linux | =14.04 | |
| All of | ||
| ubuntu/linux-image-generic-lts-xenial | <4.4.0.178.157 | 4.4.0.178.157 |
| Ubuntu Linux | =14.04 | |
| All of | ||
| ubuntu/linux-image-lowlatency-lts-xenial | <4.4.0.178.157 | 4.4.0.178.157 |
| Ubuntu Linux | =14.04 | |
| All of | ||
| ubuntu/linux-image-virtual-lts-xenial | <4.4.0.178.157 | 4.4.0.178.157 |
| Ubuntu Linux | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-16233
- https://ubuntu.com/security/CVE-2019-16234
- https://ubuntu.com/security/CVE-2019-19768
- https://ubuntu.com/security/CVE-2020-8648
- https://ubuntu.com/security/CVE-2020-9383
- https://ubuntu.com/security/notices/USN-4226-1
- https://ubuntu.com/security/notices/USN-4227-2
- https://ubuntu.com/security/notices/USN-4227-1
- https://ubuntu.com/security/notices/USN-4345-1
- https://ubuntu.com/security/notices/USN-4344-1
- https://ubuntu.com/security/notices/USN-4342-1
- https://ubuntu.com/security/notices/LSN-0066-1
- https://ubuntu.com/security/notices/LSN-0068-1
- https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1070.77
- https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1106.117
- https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1132.141
- https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1136.144
- https://launchpad.net/ubuntu/+source/linux-signed/4.4.0-178.208
- https://launchpad.net/ubuntu/+source/linux/4.4.0-178.208
- https://launchpad.net/ubuntu/+source/linux-meta-aws/4.4.0.1106.110
- https://launchpad.net/ubuntu/+source/linux-meta/4.4.0.178.186
- https://launchpad.net/ubuntu/+source/linux-meta-kvm/4.4.0.1070.70
- https://launchpad.net/ubuntu/+source/linux-meta-raspi2/4.4.0.1132.132
- https://launchpad.net/ubuntu/+source/linux-meta-snapdragon/4.4.0.1136.128
- https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1066.70
- https://launchpad.net/ubuntu/+source/linux-signed-lts-xenial/4.4.0-178.208~14.04.1
- https://launchpad.net/ubuntu/+source/linux-meta-aws/4.4.0.1066.67
- https://launchpad.net/ubuntu/+source/linux-meta-lts-xenial/4.4.0.178.157
- https://ubuntu.com/security/notices/USN-4346-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-4346-1?
The severity of USN-4346-1 is classified as a denial of service due to the potential for system crashes through a NULL pointer dereference.
How do I fix USN-4346-1?
To fix USN-4346-1, you should update to the recommended linux-image packages provided in the advisory.
What versions are affected by USN-4346-1?
USN-4346-1 affects various versions of Ubuntu 16.04, specifically those using certain linux-image packages.
Who can exploit the vulnerability seen in USN-4346-1?
A local attacker can potentially exploit the vulnerability in USN-4346-1, causing a denial of service.
What systems need to be patched for USN-4346-1?
Any system running an affected version of Ubuntu 16.04 with specific linux-image packages installed should be patched for USN-4346-1.
- agent/severity
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/title
- agent/description
- agent/references
- agent/trending
- agent/source
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu linux
- version/ubuntu linux/16.04
- version/ubuntu linux/14.04