
USN-4325-1: Linux kernel vulnerabilities
USN-4325-1: Linux kernel vulnerabilities linux-azure, linux-gcp, linux-gke-5.0, linux-oem-osp1, linux-oracle-5.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-gke-5.0 – Linux kernel for Google Container Engine (GKE) systems linux-oem-osp1 – Linux kernel for OEM processors linux-oracle-5.0 – Linux kernel for Oracle Cloud systems Details It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19046) Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this [ more… ]