USN-4135-2

See a problem?
Source
https://ubuntu.com/security/notices/USN-4135-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4135-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4135-2
Related
Published
2019-09-18T10:27:15.936643Z
Modified
2019-09-18T10:27:15.936643Z
Summary
linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial vulnerabilities
Details

Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835)

It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15030)

It was discovered that the Linux kernel on PowerPC architectures did not properly handle exceptions on interrupts in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15031)

References

Affected packages

Ubuntu:14.04:LTS / linux

Package

Name
linux
Purl
pkg:deb/ubuntu/linux@3.13.0-173.224?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.13.0-173.224

Affected versions

3.*

3.11.0-12.19
3.12.0-1.3
3.12.0-2.5
3.12.0-2.7
3.12.0-3.8
3.12.0-3.9
3.12.0-4.10
3.12.0-4.12
3.12.0-5.13
3.12.0-7.15
3.13.0-1.16
3.13.0-2.17
3.13.0-3.18
3.13.0-4.19
3.13.0-5.20
3.13.0-6.23
3.13.0-7.25
3.13.0-7.26
3.13.0-8.27
3.13.0-8.28
3.13.0-10.30
3.13.0-11.31
3.13.0-12.32
3.13.0-13.33
3.13.0-14.34
3.13.0-15.35
3.13.0-16.36
3.13.0-17.37
3.13.0-18.38
3.13.0-19.39
3.13.0-19.40
3.13.0-20.42
3.13.0-21.43
3.13.0-22.44
3.13.0-23.45
3.13.0-24.46
3.13.0-24.47
3.13.0-27.50
3.13.0-29.53
3.13.0-30.54
3.13.0-30.55
3.13.0-32.57
3.13.0-33.58
3.13.0-34.60
3.13.0-35.62
3.13.0-36.63
3.13.0-37.64
3.13.0-39.66
3.13.0-40.69
3.13.0-41.70
3.13.0-43.72
3.13.0-44.73
3.13.0-45.74
3.13.0-46.75
3.13.0-46.76
3.13.0-46.77
3.13.0-46.79
3.13.0-48.80
3.13.0-49.81
3.13.0-49.83
3.13.0-51.84
3.13.0-52.85
3.13.0-52.86
3.13.0-53.88
3.13.0-53.89
3.13.0-54.91
3.13.0-55.92
3.13.0-55.94
3.13.0-57.95
3.13.0-58.97
3.13.0-59.98
3.13.0-61.100
3.13.0-62.102
3.13.0-63.103
3.13.0-65.105
3.13.0-65.106
3.13.0-66.108
3.13.0-67.110
3.13.0-68.111
3.13.0-70.113
3.13.0-71.114
3.13.0-73.116
3.13.0-74.118
3.13.0-76.120
3.13.0-77.121
3.13.0-79.123
3.13.0-83.127
3.13.0-85.129
3.13.0-86.130
3.13.0-86.131
3.13.0-87.133
3.13.0-88.135
3.13.0-91.138
3.13.0-92.139
3.13.0-93.140
3.13.0-95.142
3.13.0-96.143
3.13.0-98.145
3.13.0-100.147
3.13.0-101.148
3.13.0-103.150
3.13.0-105.152
3.13.0-106.153
3.13.0-107.154
3.13.0-108.155
3.13.0-109.156
3.13.0-110.157
3.13.0-111.158
3.13.0-112.159
3.13.0-113.160
3.13.0-115.162
3.13.0-116.163
3.13.0-117.164
3.13.0-119.166
3.13.0-121.170
3.13.0-123.172
3.13.0-125.174
3.13.0-126.175
3.13.0-128.177
3.13.0-129.178
3.13.0-132.181
3.13.0-133.182
3.13.0-135.184
3.13.0-137.186
3.13.0-139.188
3.13.0-141.190
3.13.0-142.191
3.13.0-143.192
3.13.0-144.193
3.13.0-145.194
3.13.0-147.196
3.13.0-149.199
3.13.0-151.201
3.13.0-153.203
3.13.0-155.205
3.13.0-156.206
3.13.0-157.207
3.13.0-158.208
3.13.0-160.210
3.13.0-161.211
3.13.0-162.212
3.13.0-163.213
3.13.0-164.214
3.13.0-165.215
3.13.0-166.216
3.13.0-167.217
3.13.0-168.218
3.13.0-169.219
3.13.0-170.220

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-image-3.13.0-173-powerpc64-emb": "3.13.0-173.224",
            "linux-image-3.13.0-173-powerpc64-smp": "3.13.0-173.224",
            "linux-image-3.13.0-173-generic": "3.13.0-173.224",
            "linux-image-3.13.0-173-generic-lpae": "3.13.0-173.224",
            "linux-image-3.13.0-173-lowlatency": "3.13.0-173.224",
            "linux-image-3.13.0-173-powerpc-smp": "3.13.0-173.224",
            "linux-image-3.13.0-173-powerpc-e500mc": "3.13.0-173.224",
            "linux-image-3.13.0-173-powerpc-e500": "3.13.0-173.224"
        }
    ]
}

Ubuntu:14.04:LTS / linux-aws

Package

Name
linux-aws
Purl
pkg:deb/ubuntu/linux-aws@4.4.0-1054.58?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1054.58

Affected versions

4.*

4.4.0-1002.2
4.4.0-1003.3
4.4.0-1005.5
4.4.0-1006.6
4.4.0-1009.9
4.4.0-1010.10
4.4.0-1011.11
4.4.0-1012.12
4.4.0-1014.14
4.4.0-1016.16
4.4.0-1017.17
4.4.0-1019.19
4.4.0-1022.22
4.4.0-1023.23
4.4.0-1024.25
4.4.0-1025.26
4.4.0-1027.30
4.4.0-1028.31
4.4.0-1029.32
4.4.0-1031.34
4.4.0-1032.35
4.4.0-1034.37
4.4.0-1036.39
4.4.0-1037.40
4.4.0-1038.41
4.4.0-1039.42
4.4.0-1040.43
4.4.0-1042.45
4.4.0-1044.47

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-image-4.4.0-1054-aws": "4.4.0-1054.58"
        }
    ]
}

Ubuntu:14.04:LTS / linux-azure

Package

Name
linux-azure
Purl
pkg:deb/ubuntu/linux-azure@4.15.0-1059.64~14.04.1?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.15.0-1059.64~14.04.1

Affected versions

4.*

4.15.0-1023.24~14.04.1
4.15.0-1030.31~14.04.1
4.15.0-1031.32~14.04.1
4.15.0-1032.33~14.04.2
4.15.0-1035.36~14.04.2
4.15.0-1036.38~14.04.2
4.15.0-1037.39~14.04.2
4.15.0-1039.41~14.04.2
4.15.0-1040.44~14.04.1
4.15.0-1041.45~14.04.1
4.15.0-1042.46~14.04.1
4.15.0-1045.49~14.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-image-4.15.0-1059-azure": "4.15.0-1059.64~14.04.1"
        }
    ]
}

Ubuntu:14.04:LTS / linux-lts-xenial

Package

Name
linux-lts-xenial
Purl
pkg:deb/ubuntu/linux-lts-xenial@4.4.0-164.192~14.04.1?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-164.192~14.04.1

Affected versions

4.*

4.4.0-13.29~14.04.1
4.4.0-14.30~14.04.2
4.4.0-15.31~14.04.1
4.4.0-18.34~14.04.1
4.4.0-21.37~14.04.1
4.4.0-22.39~14.04.1
4.4.0-22.40~14.04.1
4.4.0-24.43~14.04.1
4.4.0-28.47~14.04.1
4.4.0-31.50~14.04.1
4.4.0-34.53~14.04.1
4.4.0-36.55~14.04.1
4.4.0-38.57~14.04.1
4.4.0-42.62~14.04.1
4.4.0-45.66~14.04.1
4.4.0-47.68~14.04.1
4.4.0-51.72~14.04.1
4.4.0-53.74~14.04.1
4.4.0-57.78~14.04.1
4.4.0-59.80~14.04.1
4.4.0-62.83~14.04.1
4.4.0-63.84~14.04.2
4.4.0-64.85~14.04.1
4.4.0-66.87~14.04.1
4.4.0-67.88~14.04.1
4.4.0-70.91~14.04.1
4.4.0-71.92~14.04.1
4.4.0-72.93~14.04.1
4.4.0-75.96~14.04.1
4.4.0-78.99~14.04.2
4.4.0-79.100~14.04.1
4.4.0-81.104~14.04.1
4.4.0-83.106~14.04.1
4.4.0-87.110~14.04.1
4.4.0-89.112~14.04.1
4.4.0-91.114~14.04.1
4.4.0-92.115~14.04.1
4.4.0-93.116~14.04.1
4.4.0-96.119~14.04.1
4.4.0-97.120~14.04.1
4.4.0-98.121~14.04.1
4.4.0-101.124~14.04.1
4.4.0-103.126~14.04.1
4.4.0-104.127~14.04.1
4.4.0-108.131~14.04.1
4.4.0-109.132~14.04.1
4.4.0-111.134~14.04.1
4.4.0-112.135~14.04.1
4.4.0-116.140~14.04.1
4.4.0-119.143~14.04.1
4.4.0-121.145~14.04.1
4.4.0-124.148~14.04.1
4.4.0-127.153~14.04.1
4.4.0-128.154~14.04.1
4.4.0-130.156~14.04.1
4.4.0-131.157~14.04.1
4.4.0-133.159~14.04.1
4.4.0-134.160~14.04.1
4.4.0-135.161~14.04.1
4.4.0-137.163~14.04.1
4.4.0-138.164~14.04.1
4.4.0-139.165~14.04.1
4.4.0-140.166~14.04.1
4.4.0-141.167~14.04.1
4.4.0-142.168~14.04.1
4.4.0-143.169~14.04.2
4.4.0-144.170~14.04.1
4.4.0-146.172~14.04.1
4.4.0-148.174~14.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-image-4.4.0-164-lowlatency": "4.4.0-164.192~14.04.1",
            "linux-image-4.4.0-164-generic": "4.4.0-164.192~14.04.1",
            "linux-image-4.4.0-164-generic-lpae": "4.4.0-164.192~14.04.1",
            "linux-image-4.4.0-164-powerpc-e500mc": "4.4.0-164.192~14.04.1",
            "linux-image-4.4.0-164-powerpc64-emb": "4.4.0-164.192~14.04.1",
            "linux-image-4.4.0-164-powerpc64-smp": "4.4.0-164.192~14.04.1",
            "linux-image-4.4.0-164-powerpc-smp": "4.4.0-164.192~14.04.1"
        }
    ]
}