
Canonical releases major updates to Linux kernel in Ubuntu

The British company Canonical has released Linux kernel updates for Ubuntu 19.04 (Disco Dingo) and Ubuntu 18.04 LTS (Bionic Beaver) that fix eighteen dangerous vulnerabilities.

Among other issues, the updates fix vulnerabilities in a number of drivers.

For example, it was discovered that the Intel Wi-Fi device driver in the Linux kernel does not correctly validate a specific Tunneled Direct Link Setup (TDLS) setting. An attacker could use the vulnerability to cause a denial of service (disable Wi-Fi) (CVE-2019-0136).

“It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631)”, according to Canonical's report.

Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel does not correctly validate device metadata. A physically proximate attacker can use this to cause a denial of service (system failure) (CVE-2019-15117).

Vulnerabilities were also found in the Raremono AM/FM/SW, USB Rio 500, CPiA2 video4linux, Softmac USB Prism54, ZR364XX USB, Siano USB MDTV, Line 6 POD USB and USB Line 6 drivers. A vulnerability also affected the specification of the Bluetooth BR/EDR protocol.


Exploiting these vulnerabilities allows attackers to steal important information if they are in proximity to the device, to cause a system malfunction, or even to execute arbitrary code.

The update also fixes a vulnerability in the Bluetooth UART implementation that could let an attacker cause a denial of service, and an out-of-bounds read in the QLogic iSCSI QEDI Initiator driver that allowed access to confidential information (kernel memory). Exploiting vulnerabilities in the XFS file system, the Hisilicon HNS3 Ethernet driver, and the Atheros driver can cause a denial of service.

Canonical recommends that all users of Ubuntu 19.04 (Disco Dingo) upgrade to linux-image 5.0.0-31.33, and that users of Ubuntu 18.04.3 LTS (Bionic Beaver) upgrade to linux-image 5.0.0-31.33~18.04.1.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting a master's degree in cybersecurity, I started working as a virus analyst at a small anti-malware vendor. In 2018, I decided to start the Virus Removal project. The main goal of this site is to help people deal with PC viruses of any kind.
