Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.844771
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory for linux (USN-4681-1)
Summary:The remote host is missing an update for the 'linux'; package(s) announced via the USN-4681-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the USN-4681-1 advisory.

Vulnerability Insight:
Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver
in the Linux kernel did not properly deallocate memory in some conditions.
A local attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2019-0148)

It was discovered that the console keyboard driver in the Linux kernel
contained a race condition. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-25656)

Minh Yuan discovered that the tty driver in the Linux kernel contained race
conditions when handling fonts. A local attacker could possibly use this to
expose sensitive information (kernel memory). (CVE-2020-25668)

Jinoh Kang discovered that the Xen event channel infrastructure in the
Linux kernel contained a race condition. An attacker in guest could
possibly use this to cause a denial of service (dom0 crash).
(CVE-2020-27675)

Minh Yuan discovered that the framebuffer console driver in the Linux
kernel did not properly handle fonts in some conditions. A local attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information (kernel memory). (CVE-2020-28974)

It was discovered that Power 9 processors could be coerced to expose
information from the L1 cache in certain situations. A local attacker could
use this to expose sensitive information. (CVE-2020-4788)

Affected Software/OS:
'linux' package(s) on Ubuntu 16.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-0148
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-4788
https://www.ibm.com/support/pages/node/6370729
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/
http://www.openwall.com/lists/oss-security/2020/11/20/3
http://www.openwall.com/lists/oss-security/2020/11/23/1
XForce ISS Database: ibm-i-cve20204788-info-disc (189296)
https://exchange.xforce.ibmcloud.com/vulnerabilities/189296
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.