var-201906-0917
Vulnerability from variot
Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Intel Dual Band Wireless-AC 8260 contains a denial-of-service (DoS) vulnerability (CWE-400). Yusuke Ogawa of Cisco Systems G.K. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker may be able to cause a denial-of-service (DoS). IntelPROSet/WirelessWiFiSoftwaredriver is a wireless network card driver from Intel Corporation of the United States. The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles that an attacker could use to cause a denial of service. Intel PROSet/Wireless WiFi Software driver是美国英特尔(Intel)公司的一款无线网卡驱动程序. Intel PROSet/Wireless WiFi Software driver 21.10之前版本中存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。以下产品及版本受到影响:Intel Dual Band Wireless-AC 3160;Dual Band Wireless-AC 7260;Dual Band Wireless-N 7260;Wireless-N 7260;Dual Band Wireless-AC 7260 for Desktop;Dual Band Wireless-AC 7265 (Rev. C);Dual Band Wireless-N 7265 (Rev. C);Wireless-N 7265 (Rev. C);Dual Band Wireless-AC 3165;Dual Band Wireless-AC 7265 (Rev. D);Dual Band Wireless-N 7265 (Rev. D);Wireless-N 7265 (Rev. D);Dual Band Wireless-AC 3168;Tri-Band Wireless-AC 17265;Dual Band Wireless-AC 8260;Tri-Band Wireless-AC 18260;Dual Band Wireless-AC 8265;Dual Band Wireless-AC 8265 Desktop Kit;Tri-Band Wireless-AC 18265;Wireless-AC 9560;Wireless-AC 9461;Wireless-AC 9462;Wireless-AC 9260;Wi-Fi 6 AX200;Wi-Fi 6 AX201. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. (CVE-2019-11477)
Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. (CVE-2019-14835)
Update instructions:
The problem can be corrected by updating your livepatches to the following versions:
| Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-148.174 | 58.1 | lowlatency, generic | | 4.4.0-148.174~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-150.176 | 58.1 | generic, lowlatency | | 4.4.0-150.176~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-151.178 | 58.1 | lowlatency, generic | | 4.4.0-151.178~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-154.181 | 58.1 | lowlatency, generic | | 4.4.0-154.181~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-157.185 | 58.1 | lowlatency, generic | | 4.4.0-157.185~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-159.187 | 58.1 | lowlatency, generic | | 4.4.0-159.187~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-161.189 | 58.1 | lowlatency, generic | | 4.4.0-161.189~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-164.192 | 58.1 | lowlatency, generic | | 4.4.0-164.192~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-165.193 | 58.1 | generic, lowlatency | | 4.4.0-1083.93 | 58.1 | aws | | 4.4.0-1084.94 | 58.1 | aws | | 4.4.0-1085.96 | 58.1 | aws | | 4.4.0-1087.98 | 58.1 | aws | | 4.4.0-1088.99 | 58.1 | aws | | 4.4.0-1090.101 | 58.1 | aws | | 4.4.0-1092.103 | 58.1 | aws | | 4.4.0-1094.105 | 58.1 | aws | | 4.15.0-50.54 | 58.1 | generic, lowlatency | | 4.15.0-50.54~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-51.55 | 58.1 | generic, lowlatency | | 4.15.0-51.55~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-52.56 | 58.1 | lowlatency, generic | | 4.15.0-52.56~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-54.58 | 58.1 | generic, lowlatency | | 4.15.0-54.58~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-55.60 | 58.1 | generic, lowlatency | | 4.15.0-58.64 | 58.1 | generic, lowlatency | | 4.15.0-58.64~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-60.67 | 58.1 | lowlatency, generic | | 4.15.0-60.67~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-62.69 | 58.1 | generic, lowlatency | | 4.15.0-62.69~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-64.73 | 58.1 | generic, lowlatency | | 4.15.0-64.73~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-65.74 | 58.1 | lowlatency, generic | | 4.15.0-1038.43 | 58.1 | oem | | 4.15.0-1039.41 | 58.1 | aws | | 4.15.0-1039.44 | 58.1 | oem | | 4.15.0-1040.42 | 58.1 | aws | | 4.15.0-1041.43 | 58.1 | aws | | 4.15.0-1043.45 | 58.1 | aws | | 4.15.0-1043.48 | 58.1 | oem | | 4.15.0-1044.46 | 58.1 | aws | | 4.15.0-1045.47 | 58.1 | aws | | 4.15.0-1045.50 | 58.1 | oem | | 4.15.0-1047.49 | 58.1 | aws | | 4.15.0-1047.51 | 58.1 | azure | | 4.15.0-1048.50 | 58.1 | aws | | 4.15.0-1049.54 | 58.1 | azure | | 4.15.0-1050.52 | 58.1 | aws | | 4.15.0-1050.55 | 58.1 | azure | | 4.15.0-1050.57 | 58.1 | oem | | 4.15.0-1051.53 | 58.1 | aws | | 4.15.0-1051.56 | 58.1 | azure | | 4.15.0-1052.57 | 58.1 | azure | | 4.15.0-1055.60 | 58.1 | azure | | 4.15.0-1056.61 | 58.1 | azure | | 4.15.0-1056.65 | 58.1 | oem | | 4.15.0-1057.62 | 58.1 | azure | | 4.15.0-1057.66 | 58.1 | oem | | 4.15.0-1059.64 | 58.1 | azure | | 5.0.0-1014.14~18.04.1 | 58.1 | azure | | 5.0.0-1016.17~18.04.1 | 58.1 | azure | | 5.0.0-1018.19~18.04.1 | 58.1 | azure | | 5.0.0-1020.21~18.04.1 | 58.1 | azure |
Support Information:
Kernels older than the levels listed below do not receive livepatch updates. Please upgrade your kernel as soon as possible.
| Series | Version | Flavors | |------------------+------------------+--------------------------| | Ubuntu 18.04 LTS | 4.15.0-1039 | aws | | Ubuntu 16.04 LTS | 4.4.0-1083 | aws | | Ubuntu 18.04 LTS | 5.0.0-1000 | azure | | Ubuntu 16.04 LTS | 4.15.0-1047 | azure | | Ubuntu 18.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 16.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 14.04 LTS | 4.4.0-148 | generic lowlatency | | Ubuntu 18.04 LTS | 4.15.0-1038 | oem | | Ubuntu 16.04 LTS | 4.4.0-148 | generic lowlatency |
References: CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, CVE-2018-21008, CVE-2019-0136, CVE-2019-2054, CVE-2019-2181, CVE-2019-3846, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . ========================================================================= Ubuntu Security Notice USN-4118-1 September 02, 2019
linux-aws vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
Details:
It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. (CVE-2018-13053)
Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. (CVE-2018-13093)
Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616)
Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613)
Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. (CVE-2018-14617)
Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862)
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. (CVE-2018-19985)
Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. (CVE-2018-20169)
Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. (CVE-2018-20784)
It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. (CVE-2018-20856)
Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)
It was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). (CVE-2019-0136)
It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. (CVE-2019-10126)
It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. (CVE-2019-10207)
Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)
Amit Klein and Benny Pinkas discovered that the location of kernel addresses could exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639)
Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. (CVE-2019-11085)
It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. (CVE-2019-11487)
Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. (CVE-2019-11599)
It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. (CVE-2019-11810)
It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. (CVE-2019-11815)
It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)
It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884)
It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. (CVE-2019-12818)
It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. (CVE-2019-12819)
It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. (CVE-2019-12984)
Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. (CVE-2019-13233)
Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. (CVE-2019-13272)
It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. (CVE-2019-13631)
It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. (CVE-2019-14283)
It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. (CVE-2019-14284)
Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. (CVE-2019-14763)
It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090)
It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. (CVE-2019-15211)
It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. (CVE-2019-15212)
It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. (CVE-2019-15214)
It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. (CVE-2019-15215)
It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. (CVE-2019-15220)
It was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. (CVE-2019-15292)
It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. (CVE-2019-2024)
It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101)
It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. (CVE-2019-3846)
Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. (CVE-2019-3900)
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physicall proximate attacker could use this to expose sensitive information. (CVE-2019-9506)
It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511)
It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. (CVE-2019-15216)
It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. (CVE-2019-15218)
It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. (CVE-2019-15221)
Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701)
Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. (CVE-2019-3819)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: linux-image-4.15.0-1047-aws 4.15.0-1047.49 linux-image-aws 4.15.0.1047.46
Ubuntu 16.04 LTS: linux-image-4.15.0-1047-aws 4.15.0-1047.49~16.04.1 linux-image-aws-hwe 4.15.0.1047.47
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/4118-1 CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617, CVE-2018-16862, CVE-2018-19985, CVE-2018-20169, CVE-2018-20511, CVE-2018-20784, CVE-2018-20856, CVE-2018-5383, CVE-2019-0136, CVE-2019-10126, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11085, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810, CVE-2019-11815, CVE-2019-11833, CVE-2019-11884, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-13631, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763, CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15292, CVE-2019-2024, CVE-2019-2101, CVE-2019-3701, CVE-2019-3819, CVE-2019-3846, CVE-2019-3900, CVE-2019-9506
Package Information: https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1047.49 https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1047.49~16.04.1 . Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue.
We apologize for the inconvenience
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0917", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "dual band wireless-ac", "scope": "eq", "trust": 1.2, "vendor": "intel", "version": "7265" }, { "model": "dual band wireless-n", "scope": "eq", "trust": 1.2, "vendor": "intel", "version": "7265" }, { "model": "wireless-n", "scope": "eq", "trust": 1.2, "vendor": "intel", "version": "7265" }, { "model": "proset\\/wireless wifi", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "21.10" }, { "model": "accelerated storage manager", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "chipset device software", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "compute card", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "compute stick", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "core i3", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "core i5", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "core x-series", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "nuc kit", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "omni-path fabric manager gui", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "pentium", "scope": "eq", "trust": 0.8, "vendor": "intel", "version": "processor 2000 series" }, { "model": "pentium", "scope": "eq", "trust": 0.8, "vendor": "intel", "version": "processor 3000 series" }, { "model": "pentium", "scope": "eq", "trust": 0.8, "vendor": "intel", "version": "processor g series" }, { "model": "proset/wireless software driver", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "raid web console v3", "scope": "eq", "trust": 0.8, "vendor": "intel", "version": "for windows" }, { "model": "sgx dcap linux driver", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "sgx linux client driver", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "turbo boost max technology", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 0.8, "vendor": "intel", "version": "processor e7 v3 family" }, { "model": "xeon", "scope": "eq", "trust": 0.8, "vendor": "intel", "version": "processor e7 v5 family" }, { "model": "xeon", "scope": "eq", "trust": 0.8, "vendor": "intel", "version": "processor e7 v7 family" }, { "model": "ite tech* consumer infrared driver", "scope": "eq", "trust": 0.8, "vendor": "intel", "version": "for windows 10" }, { "model": "open cloud integrity technology", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "openattestation", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "dual band wireless-ac 8260", "scope": "lte", "trust": 0.8, "vendor": "intel", "version": "windows10 driver version 20.50.1.1" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "3160" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "7260" }, { "model": "dual band wireless-ac for desktop", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "7260" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "3165" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "3168" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "8260" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "8265" }, { "model": "dual band wireless-ac desktop kit", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "8265" }, { "model": "dual band wireless-n", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "7260" }, { "model": "tri-band wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "18265" }, { "model": "tri-band wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "17265" }, { "model": "tri-band wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "18260" }, { "model": "wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "9560" }, { "model": "wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "9461" }, { "model": "wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "9462" }, { "model": "wireless-ac", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "9260" }, { "model": "wireless-n", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "7260" }, { "model": "wi-fi ax200", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "6" }, { "model": "wi-fi ax201", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "6" }, { "model": "wireless-n", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "72600" }, { "model": "wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "95600" }, { "model": "wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "94620" }, { "model": "wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "94610" }, { "model": "wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "92600" }, { "model": "wi-fi ax201", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "60" }, { "model": "wi-fi ax200", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "60" }, { "model": "tri-band wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "182650" }, { "model": "tri-band wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "182600" }, { "model": "tri-band wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "172650" }, { "model": "proset/wireless wifi software", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "20.120.1" }, { "model": "proset/wireless wifi software", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "17.16" }, { "model": "proset/wireless wifi software", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "16.1.1" }, { "model": "proset/wireless wifi software", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "15.8" }, { "model": "proset/wireless wifi software", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "21.0" }, { "model": "proset/wireless wifi software", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "20.100" }, { "model": "dual band wireless-n", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "72650" }, { "model": "dual band wireless-n", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "72600" }, { "model": "dual band wireless-ac desktop kit", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "82650" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "82650" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "82600" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "72650" }, { "model": "dual band wireless-ac for desktop", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "72600" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "72600" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "31680" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "31650" }, { "model": "dual band wireless-ac", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "31600" }, { "model": "proset/wireless wifi software", "scope": "ne", "trust": 0.3, "vendor": "intel", "version": "21.10" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25748" }, { "db": "BID", "id": "108777" }, { "db": "JVNDB", "id": "JVNDB-2019-004980" }, { "db": "JVNDB", "id": "JVNDB-2019-000046" }, { "db": "NVD", "id": "CVE-2019-0136" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:intel:proset\\/wireless_wifi:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.10", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-0136" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ubuntu,JPCERT", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-530" } ], "trust": 0.6 }, "cve": "CVE-2019-0136", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 3.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-000046", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "CNVD-2019-25748", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 4.0, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "IPA", "availabilityImpact": "Low", "baseScore": 4.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-000046", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-0136", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2019-000046", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2019-25748", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201906-530", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25748" }, { "db": "JVNDB", "id": "JVNDB-2019-000046" }, { "db": "NVD", "id": "CVE-2019-0136" }, { "db": "CNNVD", "id": "CNNVD-201906-530" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Intel Dual Band Wireless-AC 8260 contains a denial-of-service (DoS) vulnerability (CWE-400). Yusuke Ogawa of Cisco Systems G.K. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker may be able to cause a denial-of-service (DoS). IntelPROSet/WirelessWiFiSoftwaredriver is a wireless network card driver from Intel Corporation of the United States. The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles that an attacker could use to cause a denial of service. Intel PROSet/Wireless WiFi Software driver\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u7f51\u5361\u9a71\u52a8\u7a0b\u5e8f. \nIntel PROSet/Wireless WiFi Software driver 21.10\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u9650\u5236\u6765\u81ea\u672a\u6388\u6743\u89d2\u8272\u7684\u8d44\u6e90\u8bbf\u95ee\u3002\u4ee5\u4e0b\u4ea7\u54c1\u53ca\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aIntel Dual Band Wireless-AC 3160\uff1bDual Band Wireless-AC 7260\uff1bDual Band Wireless-N 7260\uff1bWireless-N 7260\uff1bDual Band Wireless-AC 7260 for Desktop\uff1bDual Band Wireless-AC 7265 (Rev. C)\uff1bDual Band Wireless-N 7265 (Rev. C)\uff1bWireless-N 7265 (Rev. C)\uff1bDual Band Wireless-AC 3165\uff1bDual Band Wireless-AC 7265 (Rev. D)\uff1bDual Band Wireless-N 7265 (Rev. D)\uff1bWireless-N 7265 (Rev. D)\uff1bDual Band Wireless-AC 3168\uff1bTri-Band Wireless-AC 17265\uff1bDual Band Wireless-AC 8260\uff1bTri-Band Wireless-AC 18260\uff1bDual Band Wireless-AC 8265\uff1bDual Band Wireless-AC 8265 Desktop Kit\uff1bTri-Band Wireless-AC 18265\uff1bWireless-AC 9560\uff1bWireless-AC 9461\uff1bWireless-AC 9462\uff1bWireless-AC 9260\uff1bWi-Fi 6 AX200\uff1bWi-Fi 6 AX201. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \n(CVE-2019-11477)\n\nJonathan Looney discovered that the TCP retransmission queue implementation\nin the Linux kernel could be fragmented when handling certain TCP Selective\nAcknowledgment (SACK) sequences. (CVE-2019-14835)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your livepatches to the following\nversions:\n\n| Kernel | Version | flavors |\n|--------------------------+----------+--------------------------|\n| 4.4.0-148.174 | 58.1 | lowlatency, generic |\n| 4.4.0-148.174~14.04.1 | 58.1 | lowlatency, generic |\n| 4.4.0-150.176 | 58.1 | generic, lowlatency |\n| 4.4.0-150.176~14.04.1 | 58.1 | lowlatency, generic |\n| 4.4.0-151.178 | 58.1 | lowlatency, generic |\n| 4.4.0-151.178~14.04.1 | 58.1 | generic, lowlatency |\n| 4.4.0-154.181 | 58.1 | lowlatency, generic |\n| 4.4.0-154.181~14.04.1 | 58.1 | generic, lowlatency |\n| 4.4.0-157.185 | 58.1 | lowlatency, generic |\n| 4.4.0-157.185~14.04.1 | 58.1 | generic, lowlatency |\n| 4.4.0-159.187 | 58.1 | lowlatency, generic |\n| 4.4.0-159.187~14.04.1 | 58.1 | generic, lowlatency |\n| 4.4.0-161.189 | 58.1 | lowlatency, generic |\n| 4.4.0-161.189~14.04.1 | 58.1 | lowlatency, generic |\n| 4.4.0-164.192 | 58.1 | lowlatency, generic |\n| 4.4.0-164.192~14.04.1 | 58.1 | lowlatency, generic |\n| 4.4.0-165.193 | 58.1 | generic, lowlatency |\n| 4.4.0-1083.93 | 58.1 | aws |\n| 4.4.0-1084.94 | 58.1 | aws |\n| 4.4.0-1085.96 | 58.1 | aws |\n| 4.4.0-1087.98 | 58.1 | aws |\n| 4.4.0-1088.99 | 58.1 | aws |\n| 4.4.0-1090.101 | 58.1 | aws |\n| 4.4.0-1092.103 | 58.1 | aws |\n| 4.4.0-1094.105 | 58.1 | aws |\n| 4.15.0-50.54 | 58.1 | generic, lowlatency |\n| 4.15.0-50.54~16.04.1 | 58.1 | generic, lowlatency |\n| 4.15.0-51.55 | 58.1 | generic, lowlatency |\n| 4.15.0-51.55~16.04.1 | 58.1 | generic, lowlatency |\n| 4.15.0-52.56 | 58.1 | lowlatency, generic |\n| 4.15.0-52.56~16.04.1 | 58.1 | generic, lowlatency |\n| 4.15.0-54.58 | 58.1 | generic, lowlatency |\n| 4.15.0-54.58~16.04.1 | 58.1 | generic, lowlatency |\n| 4.15.0-55.60 | 58.1 | generic, lowlatency |\n| 4.15.0-58.64 | 58.1 | generic, lowlatency |\n| 4.15.0-58.64~16.04.1 | 58.1 | lowlatency, generic |\n| 4.15.0-60.67 | 58.1 | lowlatency, generic |\n| 4.15.0-60.67~16.04.1 | 58.1 | generic, lowlatency |\n| 4.15.0-62.69 | 58.1 | generic, lowlatency |\n| 4.15.0-62.69~16.04.1 | 58.1 | lowlatency, generic |\n| 4.15.0-64.73 | 58.1 | generic, lowlatency |\n| 4.15.0-64.73~16.04.1 | 58.1 | lowlatency, generic |\n| 4.15.0-65.74 | 58.1 | lowlatency, generic |\n| 4.15.0-1038.43 | 58.1 | oem |\n| 4.15.0-1039.41 | 58.1 | aws |\n| 4.15.0-1039.44 | 58.1 | oem |\n| 4.15.0-1040.42 | 58.1 | aws |\n| 4.15.0-1041.43 | 58.1 | aws |\n| 4.15.0-1043.45 | 58.1 | aws |\n| 4.15.0-1043.48 | 58.1 | oem |\n| 4.15.0-1044.46 | 58.1 | aws |\n| 4.15.0-1045.47 | 58.1 | aws |\n| 4.15.0-1045.50 | 58.1 | oem |\n| 4.15.0-1047.49 | 58.1 | aws |\n| 4.15.0-1047.51 | 58.1 | azure |\n| 4.15.0-1048.50 | 58.1 | aws |\n| 4.15.0-1049.54 | 58.1 | azure |\n| 4.15.0-1050.52 | 58.1 | aws |\n| 4.15.0-1050.55 | 58.1 | azure |\n| 4.15.0-1050.57 | 58.1 | oem |\n| 4.15.0-1051.53 | 58.1 | aws |\n| 4.15.0-1051.56 | 58.1 | azure |\n| 4.15.0-1052.57 | 58.1 | azure |\n| 4.15.0-1055.60 | 58.1 | azure |\n| 4.15.0-1056.61 | 58.1 | azure |\n| 4.15.0-1056.65 | 58.1 | oem |\n| 4.15.0-1057.62 | 58.1 | azure |\n| 4.15.0-1057.66 | 58.1 | oem |\n| 4.15.0-1059.64 | 58.1 | azure |\n| 5.0.0-1014.14~18.04.1 | 58.1 | azure |\n| 5.0.0-1016.17~18.04.1 | 58.1 | azure |\n| 5.0.0-1018.19~18.04.1 | 58.1 | azure |\n| 5.0.0-1020.21~18.04.1 | 58.1 | azure |\n\nSupport Information:\n\nKernels older than the levels listed below do not receive livepatch\nupdates. Please upgrade your kernel as soon as possible. \n\n| Series | Version | Flavors |\n|------------------+------------------+--------------------------|\n| Ubuntu 18.04 LTS | 4.15.0-1039 | aws |\n| Ubuntu 16.04 LTS | 4.4.0-1083 | aws |\n| Ubuntu 18.04 LTS | 5.0.0-1000 | azure |\n| Ubuntu 16.04 LTS | 4.15.0-1047 | azure |\n| Ubuntu 18.04 LTS | 4.15.0-50 | generic lowlatency |\n| Ubuntu 16.04 LTS | 4.15.0-50 | generic lowlatency |\n| Ubuntu 14.04 LTS | 4.4.0-148 | generic lowlatency |\n| Ubuntu 18.04 LTS | 4.15.0-1038 | oem |\n| Ubuntu 16.04 LTS | 4.4.0-148 | generic lowlatency |\n\nReferences:\n CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, \n CVE-2018-21008, CVE-2019-0136, CVE-2019-2054, CVE-2019-2181, \n CVE-2019-3846, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, \n CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, \n CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, \n CVE-2019-14821, CVE-2019-14835\n\n\n-- \nubuntu-security-announce mailing list\nubuntu-security-announce@lists.ubuntu.com\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\n. =========================================================================\nUbuntu Security Notice USN-4118-1\nSeptember 02, 2019\n\nlinux-aws vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-aws: Linux kernel for Amazon Web Services (AWS) systems\n- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems\n\nDetails:\n\nIt was discovered that the alarmtimer implementation in the Linux kernel\ncontained an integer overflow vulnerability. (CVE-2018-13053)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly track inode validations. (CVE-2018-13093)\n\nWen Xu discovered that the f2fs file system implementation in the Linux\nkernel did not properly validate metadata. (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098,\nCVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615,\nCVE-2018-14616)\n\nWen Xu and Po-Ning Tseng discovered that btrfs file system implementation\nin the Linux kernel did not properly validate metadata. (CVE-2018-14609, CVE-2018-14610,\nCVE-2018-14611, CVE-2018-14612, CVE-2018-14613)\n\nWen Xu discovered that the HFS+ filesystem implementation in the Linux\nkernel did not properly handle malformed catalog data in some situations. (CVE-2018-14617)\n\nVasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem\nof the Linux kernel did not properly initialize new files in some\nsituations. A local attacker could use this to expose sensitive\ninformation. (CVE-2018-16862)\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed driver\nin the Linux kernel did not properly validate metadata received from the\ndevice. (CVE-2018-19985)\n\nHui Peng and Mathias Payer discovered that the USB subsystem in the Linux\nkernel did not properly handle size checks when handling an extra USB\ndescriptor. (CVE-2018-20169)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS\nLinux kernel process scheduler. (CVE-2018-20784)\n\nIt was discovered that a use-after-free error existed in the block layer\nsubsystem of the Linux kernel when certain failure conditions occurred. (CVE-2018-20856)\n\nEli Biham and Lior Neumann discovered that the Bluetooth implementation in\nthe Linux kernel did not properly validate elliptic curve parameters during\nDiffie-Hellman key exchange in some situations. An attacker could use this\nto expose sensitive information. (CVE-2018-5383)\n\nIt was discovered that the Intel wifi device driver in the Linux kernel did\nnot properly validate certain Tunneled Direct Link Setup (TDLS). (CVE-2019-0136)\n\nIt was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. (CVE-2019-10126)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless networking\nprotocols. A remote attacker could use this to track particular Linux\ndevices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel\naddresses could exposed by the implementation of connection-less network\nprotocols in the Linux kernel. A remote attacker could possibly use this to\nassist in the exploitation of another vulnerability in the Linux kernel. \n(CVE-2019-10639)\n\nAdam Zabrocki discovered that the Intel i915 kernel mode graphics driver in\nthe Linux kernel did not properly restrict mmap() ranges in some\nsituations. (CVE-2019-11085)\n\nIt was discovered that an integer overflow existed in the Linux kernel when\nreference counting pages, leading to potential use-after-free issues. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when\nperforming core dumps. (CVE-2019-11599)\n\nIt was discovered that a null pointer dereference vulnerability existed in\nthe LSI Logic MegaRAID driver in the Linux kernel. (CVE-2019-11810)\n\nIt was discovered that a race condition leading to a use-after-free existed\nin the Reliable Datagram Sockets (RDS) protocol implementation in the Linux\nkernel. The RDS protocol is blacklisted by default in Ubuntu. (CVE-2019-11815)\n\nIt was discovered that the ext4 file system implementation in the Linux\nkernel did not properly zero out memory in some situations. A local\nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP)\nimplementation in the Linux kernel did not properly verify strings were\nNULL terminated in certain situations. A local attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2019-11884)\n\nIt was discovered that a NULL pointer dereference vulnerabilty existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. \n(CVE-2019-12818)\n\nIt was discovered that the MDIO bus devices subsystem in the Linux kernel\nimproperly dropped a device reference in an error condition, leading to a\nuse-after-free. (CVE-2019-12819)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. \n(CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux kernel\nwhen accessing LDT entries in some situations. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux kernel did\nnot properly record credentials in some situations. (CVE-2019-13272)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did\nnot properly bounds check the initial HID report sent by the device. (CVE-2019-13631)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. \n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. \n(CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3\nDRD Controller device driver in the Linux kernel. (CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI\niSCSI Initiator Driver in the Linux kernel. A local attacker could possibly\nuse this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the\nLinux kernel did not properly allocate memory, leading to a use-after-free. (CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device\ndriver for the Linux kernel. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound\nArchitecture (ALSA) subsystem of the Linux kernel, leading to a potential\nuse-after-free. \n(CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux\ndevice driver for the Linux kernel, leading to a use-after-free. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54\ndevice driver in the Linux kernel. (CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the\nAppletalk implementation in the Linux kernel if an error occurs during\ninitialization. (CVE-2019-15292)\n\nIt was discovered that the Empia EM28xx DVB USB device driver\nimplementation in the Linux kernel contained a use-after-free vulnerability\nwhen disconnecting the device. (CVE-2019-2024)\n\nIt was discovered that the USB video device class implementation in the\nLinux kernel did not properly validate control bits, resulting in an out of\nbounds buffer read. A local attacker could use this to possibly expose\nsensitive information (kernel memory). (CVE-2019-2101)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux\nkernel did not properly validate the BSS descriptor. (CVE-2019-3846)\n\nJason Wang discovered that an infinite loop vulnerability existed in the\nvirtio net driver in the Linux kernel. \n(CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered\nthat the Bluetooth protocol BR/EDR specification did not properly require\nsufficiently strong encryption key lengths. A physicall proximate attacker\ncould use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that the Appletalk IP encapsulation driver in the Linux\nkernel did not properly prevent kernel addresses from being copied to user\nspace. A local attacker with the CAP_NET_ADMIN capability could use this to\nexpose sensitive information. (CVE-2018-20511)\n\nIt was discovered that a race condition existed in the USB YUREX device\ndriver in the Linux kernel. (CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the\nLinux kernel made improper assumptions about the device characteristics. (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel\ndid not properly validate data size information from the device. (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some\nsituations did not properly restrict the field size when processing\noutgoing frames. A local attacker with CAP_NET_ADMIN privileges could use\nthis to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel\u0027s\nHID subsystem did not properly validate passed parameters in some\nsituations. (CVE-2019-3819)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n linux-image-4.15.0-1047-aws 4.15.0-1047.49\n linux-image-aws 4.15.0.1047.46\n\nUbuntu 16.04 LTS:\n linux-image-4.15.0-1047-aws 4.15.0-1047.49~16.04.1\n linux-image-aws-hwe 4.15.0.1047.47\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://usn.ubuntu.com/4118-1\n CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097,\n CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609,\n CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613,\n CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617,\n CVE-2018-16862, CVE-2018-19985, CVE-2018-20169, CVE-2018-20511,\n CVE-2018-20784, CVE-2018-20856, CVE-2018-5383, CVE-2019-0136,\n CVE-2019-10126, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639,\n CVE-2019-11085, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810,\n CVE-2019-11815, CVE-2019-11833, CVE-2019-11884, CVE-2019-12818,\n CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272,\n CVE-2019-13631, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763,\n CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214,\n CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220,\n CVE-2019-15221, CVE-2019-15292, CVE-2019-2024, CVE-2019-2101,\n CVE-2019-3701, CVE-2019-3819, CVE-2019-3846, CVE-2019-3900,\n CVE-2019-9506\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1047.49\n https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1047.49~16.04.1\n. Unfortunately, as part of the update,\na regression was introduced that caused a kernel crash when handling\nfragmented packets in some situations. This update addresses the issue. \n\nWe apologize for the inconvenience", "sources": [ { "db": "NVD", "id": "CVE-2019-0136" }, { "db": "JVNDB", "id": "JVNDB-2019-000046" }, { "db": "CNVD", "id": "CNVD-2019-25748" }, { "db": "CNNVD", "id": "CNNVD-201906-530" }, { "db": "BID", "id": "108777" }, { "db": "PACKETSTORM", "id": "154951" }, { "db": "PACKETSTORM", "id": "154315" }, { "db": "PACKETSTORM", "id": "154695" }, { "db": "PACKETSTORM", "id": "154326" }, { "db": "PACKETSTORM", "id": "154740" }, { "db": "PACKETSTORM", "id": "154446" } ], "trust": 3.51 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-0136", "trust": 4.7 }, { "db": "BID", "id": "108777", "trust": 2.5 }, { "db": "JVN", "id": "JVN75617741", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2019-000046", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "154951", "trust": 1.7 }, { "db": "LENOVO", "id": "LEN-27828", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU95572531", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-004980", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "154326", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-25748", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-27701", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0615", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3334", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201906-530", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "154315", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154695", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154740", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154446", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25748" }, { "db": "BID", "id": "108777" }, { "db": "JVNDB", "id": "JVNDB-2019-004980" }, { "db": "JVNDB", "id": "JVNDB-2019-000046" }, { "db": "PACKETSTORM", "id": "154951" }, { "db": "PACKETSTORM", "id": "154315" }, { "db": "PACKETSTORM", "id": "154695" }, { "db": "PACKETSTORM", "id": "154326" }, { "db": "PACKETSTORM", "id": "154740" }, { "db": "PACKETSTORM", "id": "154446" }, { "db": "NVD", "id": "CVE-2019-0136" }, { "db": "CNNVD", "id": "CNNVD-201906-530" } ] }, "id": "VAR-201906-0917", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-25748" } ], "trust": 1.1401698649999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25748" } ] }, "last_update_date": "2023-12-22T21:37:22.289000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "[INTEL-SA-00232] Intel PROSet/Wireless WiFi Software Advisory", "trust": 1.6, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html" }, { "title": "[INTEL-SA-00248] Open Cloud Integrity Technology and OpenAttestation Advisory", "trust": 0.8, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html" }, { "title": "[INTEL-SA-00257] Intel Omni-Path Fabric Manager GUI Advisory", "trust": 0.8, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html" }, { "title": "[INTEL-SA-00259] Intel RAID Web Console 3 for Windows* Advisory", "trust": 0.8, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html" }, { "title": "[INTEL-SA-00224] Intel Chipset Device Software (INF Update Utility) Advisory", "trust": 0.8, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html" }, { "title": "[INTEL-SA-00264] Intel NUC Firmware Advisory", "trust": 0.8, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html" }, { "title": "[INTEL-SA-00226] Intel Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisory", "trust": 0.8, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html" }, { "title": "[INTEL-SA-00206] ITE Tech* Consumer Infrared Driver for Windows 10 Advisory", "trust": 0.8, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html" }, { "title": "[INTEL-SA-00235] Intel SGX for Linux Advisory", "trust": 0.8, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html" }, { "title": "[INTEL-SA-00243] Intel Turbo Boost Max Technology 3.0 Advisory", "trust": 0.8, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html" }, { "title": "[INTEL-SA-00247] Partial Physical Address Leakage Advisory", "trust": 0.8, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html" }, { "title": "Downloads for Intel Dual Band Wireless-AC 8260", "trust": 0.8, "url": "https://downloadcenter.intel.com/en/product/86068" }, { "title": "IntelPROSet/WirelessWiFiSoftwaredriver Access Control Error Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/173035" }, { "title": "Intel PROSet/Wireless WiFi Software driver Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93761" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25748" }, { "db": "JVNDB", "id": "JVNDB-2019-004980" }, { "db": "JVNDB", "id": "JVNDB-2019-000046" }, { "db": "CNNVD", "id": "CNNVD-201906-530" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-000046" }, { "db": "NVD", "id": "CVE-2019-0136" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.securityfocus.com/bid/108777" }, { "trust": 2.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0136" }, { "trust": 2.4, "url": "http://jvn.jp/en/jp/jvn75617741/index.html" }, { "trust": 2.2, "url": "https://usn.ubuntu.com/4115-1/" }, { "trust": 2.2, "url": "https://usn.ubuntu.com/4147-1/" }, { "trust": 1.9, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html" }, { "trust": 1.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0136" }, { "trust": 1.6, "url": "http://packetstormsecurity.com/files/154951/kernel-live-patch-security-notice-lsn-0058-1.html" }, { "trust": 1.6, "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html" }, { "trust": 1.6, "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html" }, { "trust": 1.6, "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html" }, { "trust": 1.6, "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" }, { "trust": 1.6, "url": "https://support.lenovo.com/us/en/product_security/len-27828" }, { "trust": 1.6, "url": "https://usn.ubuntu.com/4118-1/" }, { "trust": 1.6, "url": "https://usn.ubuntu.com/4145-1/" }, { "trust": 1.2, "url": "https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-000046.html" }, { "trust": 1.2, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/in" }, { "trust": 0.9, "url": "http://www.intel.com/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0130" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0179" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11123" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0180" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11124" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0157" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0181" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11125" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0164" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0182" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11126" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11127" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0174" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0183" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11128" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0175" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11092" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11129" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3702" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0177" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11117" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0128" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0178" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11119" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95572531" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0128" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0178" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11119" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0130" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0179" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11123" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0180" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11124" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0157" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0181" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11125" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0164" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0182" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11126" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0174" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0183" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11127" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0175" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11092" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11128" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3702" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0177" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11117" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11129" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10207" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/4116-1/" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/4114-1/" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/zh/product_security/len-27828" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/product_security/len-27701" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3334/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0766/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0615" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/154326/ubuntu-security-notice-usn-4118-1.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13631" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11487" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15211" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15215" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14284" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14283" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15221" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11599" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15090" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20784" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15220" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19985" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10639" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10638" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15218" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15212" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20856" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10905" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10126" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20976" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20961" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11810" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3819" }, { "trust": 0.2, "url": "https://usn.ubuntu.com/4115-1" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13648" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15292" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3701" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3900" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15216" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14763" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15214" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15926" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14821" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14835" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11477" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3846" }, { "trust": 0.1, "url": "https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14816" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12614" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21008" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2054" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14814" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1022.25~16.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1022.25" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-60.67~16.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1043.43" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1041.43" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-60.67" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1056.61" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1041.43" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1044.47" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1095.106" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1123.132" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18509" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1059.66" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-165.193" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4145-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1127.135" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16862" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14610" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4118-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14616" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13098" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13093" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20169" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14614" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14611" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13053" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1047.49" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13099" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13100" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14617" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1047.49~16.04.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15223" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/5.0.0-31.33" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15538" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4147-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15118" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15925" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1023.24" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-31.33~18.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1020.20" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15117" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1019.19" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9506" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1018.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1022.23" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1020.20~18.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1019.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-62.69" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1023.26" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1842447" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1044.44" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1042.44" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1057.62" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1045.49" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1023.26~16.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1042.44" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4115-2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-62.69~16.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1048.50" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1048.50~16.04.1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25748" }, { "db": "BID", "id": "108777" }, { "db": "JVNDB", "id": "JVNDB-2019-004980" }, { "db": "JVNDB", "id": "JVNDB-2019-000046" }, { "db": "PACKETSTORM", "id": "154951" }, { "db": "PACKETSTORM", "id": "154315" }, { "db": "PACKETSTORM", "id": "154695" }, { "db": "PACKETSTORM", "id": "154326" }, { "db": "PACKETSTORM", "id": "154740" }, { "db": "PACKETSTORM", "id": "154446" }, { "db": "NVD", "id": "CVE-2019-0136" }, { "db": "CNNVD", "id": "CNNVD-201906-530" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-25748" }, { "db": "BID", "id": "108777" }, { "db": "JVNDB", "id": "JVNDB-2019-004980" }, { "db": "JVNDB", "id": "JVNDB-2019-000046" }, { "db": "PACKETSTORM", "id": "154951" }, { "db": "PACKETSTORM", "id": "154315" }, { "db": "PACKETSTORM", "id": "154695" }, { "db": "PACKETSTORM", "id": "154326" }, { "db": "PACKETSTORM", "id": "154740" }, { "db": "PACKETSTORM", "id": "154446" }, { "db": "NVD", "id": "CVE-2019-0136" }, { "db": "CNNVD", "id": "CNNVD-201906-530" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-04T00:00:00", "db": "CNVD", "id": "CNVD-2019-25748" }, { "date": "2019-06-11T00:00:00", "db": "BID", "id": "108777" }, { "date": "2019-06-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-004980" }, { "date": "2019-07-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-000046" }, { "date": "2019-10-23T18:32:10", "db": "PACKETSTORM", "id": "154951" }, { "date": "2019-09-02T23:48:23", "db": "PACKETSTORM", "id": "154315" }, { "date": "2019-10-01T20:45:14", "db": "PACKETSTORM", "id": "154695" }, { "date": "2019-09-03T16:47:23", "db": "PACKETSTORM", "id": "154326" }, { "date": "2019-10-05T14:13:57", "db": "PACKETSTORM", "id": "154740" }, { "date": "2019-09-11T13:57:38", "db": "PACKETSTORM", "id": "154446" }, { "date": "2019-06-13T16:29:00.763000", "db": "NVD", "id": "CVE-2019-0136" }, { "date": "2019-06-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-530" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-04T00:00:00", "db": "CNVD", "id": "CNVD-2019-25748" }, { "date": "2019-06-11T00:00:00", "db": "BID", "id": "108777" }, { "date": "2019-06-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-004980" }, { "date": "2019-07-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-000046" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2019-0136" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-530" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-530" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Intel PROSet/Wireless WiFi Software driver Access Control Error Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2019-25748" }, { "db": "CNNVD", "id": "CNNVD-201906-530" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-530" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.