Ubuntu Local Security Checks : Ubuntu: Security Advisory for linux (USN-4411-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.844483

Kategorie: Ubuntu Local Security Checks

Titel: Ubuntu: Security Advisory for linux (USN-4411-1)

Zusammenfassung: The remote host is missing an update for the 'linux'; package(s) announced via the USN-4411-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the USN-4411-1 advisory.

Vulnerability Insight:
It was discovered that the elf handling code in the Linux kernel did not
initialize memory before using it in certain situations. A local attacker
could use this to possibly expose sensitive information (kernel memory).
(CVE-2020-10732)

Matthew Sheets discovered that the SELinux network label handling
implementation in the Linux kernel could be coerced into de-referencing a
NULL pointer. A remote attacker could use this to cause a denial of service
(system crash). (CVE-2020-10711)

It was discovered that the SCSI generic (sg) driver in the Linux kernel did
not properly handle certain error conditions correctly. A local privileged
attacker could use this to cause a denial of service (system crash).
(CVE-2020-12770)

It was discovered that the USB Gadget device driver in the Linux kernel did
not validate arguments passed from configfs in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash) or possibly expose sensitive information. (CVE-2020-13143)

It was discovered that the KVM implementation in the Linux kernel did not
properly deallocate memory on initialization for some processors. A local
attacker could possibly use this to cause a denial of service.
(CVE-2020-12768)

Affected Software/OS:
'linux' package(s) on Ubuntu 20.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2020-10732
Common Vulnerability Exposure (CVE) ID: CVE-2020-10711
Common Vulnerability Exposure (CVE) ID: CVE-2020-12770
Common Vulnerability Exposure (CVE) ID: CVE-2020-13143
Common Vulnerability Exposure (CVE) ID: CVE-2020-12768

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.844483
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu: Security Advisory for linux (USN-4411-1)
Zusammenfassung:	The remote host is missing an update for the 'linux'; package(s) announced via the USN-4411-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'linux' package(s) announced via the USN-4411-1 advisory. Vulnerability Insight: It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732) Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash). (CVE-2020-10711) It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions correctly. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-12770) It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-13143) It was discovered that the KVM implementation in the Linux kernel did not properly deallocate memory on initialization for some processors. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12768) Affected Software/OS: 'linux' package(s) on Ubuntu 20.04 LTS. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-10732 Common Vulnerability Exposure (CVE) ID: CVE-2020-10711 Common Vulnerability Exposure (CVE) ID: CVE-2020-12770 Common Vulnerability Exposure (CVE) ID: CVE-2020-13143 Common Vulnerability Exposure (CVE) ID: CVE-2020-12768
Copyright	Copyright (C) 2020 Greenbone Networks GmbH