Canonical Ubuntu Linux vulnerabilities
4,102 known vulnerabilities affecting canonical/ubuntu_linux.
Total CVEs: 4,102
CISA KEV: 44 (actively exploited)
Public exploits: 271
Exploited in wild: 54
Severity breakdown: CRITICAL 545, HIGH 1396, MEDIUM 1945, LOW 216
Vulnerabilities
Page 47 of 206
CVE-2019-15538 | HIGH | CVSS 7.5 | CWE-400 | v16.04, v18.04, +1 more | 2019-08-25
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well
nvd
CVE-2019-15504 | CRITICAL | CVSS 9.8 | CWE-415 | v18.04, v19.04 | 2019-08-23
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
nvd
CVE-2019-15505 | CRITICAL | CVSS 9.8 | CWE-125 | v14.04, v16.04, +2 more | 2019-08-23
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
nvd
CVE-2019-15292 | MEDIUM | CVSS 4.7 | CWE-416 | v16.04, v18.04 | 2019-08-21
An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.
nvd
CVE-2019-2126 | HIGH | CVSS 8.8 | CWE-415 | v16.04, v18.04, +1 more | 2019-08-20
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-
nvd
CVE-2019-15221 | MEDIUM | CVSS 4.6 | CWE-476 | v14.04, v16.04, +2 more | 2019-08-19
An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.
nvd
CVE-2019-15216 | MEDIUM | CVSS 4.6 | CWE-476 | v16.04, v18.04, +1 more | 2019-08-19
An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.
nvd
CVE-2019-15219 | MEDIUM | CVSS 4.6 | CWE-476 | v16.04, v18.04, +1 more | 2019-08-19
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.
nvd
CVE-2019-15215 | MEDIUM | CVSS 4.6 | CWE-416 | v16.04, v18.04, +1 more | 2019-08-19
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.
nvd
CVE-2019-15223 | MEDIUM | CVSS 4.6 | CWE-476 | v18.04, v19.04 | 2019-08-19
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver.
nvd
CVE-2019-15220 | MEDIUM | CVSS 4.6 | CWE-416 | v14.04, v16.04, +2 more | 2019-08-19
An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver.
nvd
CVE-2019-15211 | MEDIUM | CVSS 4.6 | CWE-416 | v16.04, v18.04, +1 more | 2019-08-19
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.
nvd
CVE-2019-15214 | MEDIUM | CVSS 6.4 | CWE-416 | v16.04, v18.04 | 2019-08-19
An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.
nvd
CVE-2019-15212 | MEDIUM | CVSS 4.6 | CWE-415 | v16.04, v18.04, +1 more | 2019-08-19
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
nvd
CVE-2019-15218 | MEDIUM | CVSS 4.6 | CWE-476 | v16.04, v18.04, +1 more | 2019-08-19
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.
nvd
CVE-2019-15217 | MEDIUM | CVSS 4.6 | CWE-476 | v14.04, v16.04, +2 more | 2019-08-19
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.
nvd
CVE-2019-15145 | MEDIUM | CVSS 5.5 | CWE-125 | v16.04, v18.04, +2 more | 2019-08-18
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
nvd
CVE-2019-15144 | MEDIUM | CVSS 5.5 | CWE-674 | v16.04, v18.04, +2 more | 2019-08-18
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
nvd
CVE-2019-15142 | MEDIUM | CVSS 5.5 | CWE-125 | v16.04, v18.04, +2 more | 2019-08-18
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.
nvd
CVE-2019-15143 | MEDIUM | CVSS 5.5 | CWE-835 | v16.04, v18.04, +2 more | 2019-08-18
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
nvd