Canonical Ubuntu Linux vulnerabilities
4,102 known vulnerabilities affecting canonical/ubuntu_linux.
Total CVEs: 4,102
CISA KEV: 44 (actively exploited)
Public exploits: 271
Exploited in wild: 54
Severity breakdown
CRITICAL: 545, HIGH: 1396, MEDIUM: 1945, LOW: 216
Vulnerabilities
Page 55 of 206
CVE-2019-11833 | MEDIUM | CVSS 5.5 | CWE-908 | v14.04, v16.04 +2 more | 2019-05-15
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
nvd
CVE-2019-5018 | HIGH | CVSS 8.1 | CWE-416 | v12.04, v16.04 +3 more | 2019-05-10
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.
nvd
CVE-2019-11884 | LOW | CVSS 3.3 | v16.04, v18.04 +1 more | 2019-05-10
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
nvd
CVE-2019-11815 | HIGH | CVSS 8.1 | CWE-362 | v14.04, v16.04 +2 more | 2019-05-08
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
nvd
CVE-2019-2054 | HIGH | CVSS 7.8 | v14.04, v16.04 | 2019-05-08
In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499
nvd
CVE-2018-20836 | HIGH | CVSS 8.1 | CWE-362 | v16.04 | 2019-05-07
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
nvd
CVE-2019-11810 | HIGH | CVSS 7.5 | CWE-416 | v14.04, v16.04 +2 more | 2019-05-07
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
nvd
CVE-2019-11036 | CRITICAL | CVSS 9.1 | CWE-126 | v12.04, v14.04 +4 more | 2019-05-03
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
nvd
CVE-2019-11683 | CRITICAL | CVSS 9.8 | CWE-787 | v19.04 | 2019-05-02
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.
nvd
CVE-2019-10131 | HIGH | CVSS 7.1 | CWE-193 | v16.04, v18.04 +2 more | 2019-04-30
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
nvd
CVE-2019-11596 | HIGH | CVSS 7.5 | CWE-476 | v18.04, v18.10 +1 more | 2019-04-29
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
nvd
CVE-2019-3843 | HIGH | CVSS 7.8 | PoC | CWE-266 | v16.04, v18.04 +1 more | 2019-04-26
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recy
nvd
CVE-2019-3844 | HIGH | CVSS 7.8 | PoC | CWE-268 | v16.04, v18.04 +1 more | 2019-04-26
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the futur
nvd
CVE-2019-3900 | HIGH | CVSS 7.7 | CWE-835 | v16.04, v18.04 +1 more | 2019-04-25
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scena
nvd
CVE-2019-9928 | HIGH | CVSS 8.8 | CWE-787 | v16.04, v18.04 +1 more | 2019-04-24
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
nvd
CVE-2019-11505 | HIGH | CVSS 8.8 | CWE-787 | v18.04 | 2019-04-24
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.
nvd
CVE-2019-11506 | HIGH | CVSS 8.8 | CWE-787 | v18.04 | 2019-04-24
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.
nvd
CVE-2019-11498 | MEDIUM | CVSS 6.5 | CWE-824 | v18.04, v18.10 +1 more | 2019-04-24
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
nvd
CVE-2019-3882 | MEDIUM | CVSS 5.5 | CWE-770 | v14.04, v16.04 +3 more | 2019-04-24
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.
nvd
CVE-2019-7304 | CRITICAL | CVSS 9.8 | PoC | CWE-863 | v14.04, v16.04 +2 more | 2019-04-23
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
nvd