USN-4076-1: Linux kernel vulnerabilities
USN-4076-1: Linux kernel vulnerabilities linux, linux-aws, linux-kvm, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20836) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It [ more… ]