USN-4210-1: Linux kernel vulnerabilities
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 16.04
Description
It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746)
Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133)
It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060)
It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19065)
It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19075)
Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075)
CVEs contained in this USN include: CVE-2019-16746, CVE-2019-17075, CVE-2019-17133, CVE-2019-19060, CVE-2019-19065, CVE-2019-19075
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- Cloud Foundry BOSH xenial-stemcells are vulnerable, including:
- 621.x versions prior to 621.29
- 456.x versions prior to 456.77
- 315.x versions prior to 315.146
- 250.x versions prior to 250.161
- 170.x versions prior to 170.180
- 97.x versions prior to 97.206
- All other stemcells not listed.
Mitigation
Users of affected products are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells:
- Upgrade 621.x versions to 621.29
- Upgrade 456.x versions to 456.77
- Upgrade 315.x versions to 315.146
- Upgrade 250.x versions to 250.161
- Upgrade 170.x versions to 170.180
- Upgrade 97.x versions to 97.206
- All other stemcells should be upgraded to the latest version available on bosh.io.
