The British company Canonical released updates for the Linux kernel in the versions of the OS Ubuntu 19.04 (Disco Dingo) and Ubuntu 18.04 LTS (Bionic Beaver), eliminating eighteen dangerous vulnerabilities.
Among others, were fixed vulnerabilities in a number of drivers.For example, it was discovered that the Intel Wi-Fi device driver in the Linux kernel does not correctly validate a specific tunnel forward link (TDLS) setting. An attacker could use the vulnerability to cause a denial of service (disable Wi-Fi) (CVE-2019-0136).
βIt was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631)β, β report in Canonical.
Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel does not correctly validate device metadata. On the physical level, the nearest attacker can use this to cause a denial of service (system failure). (CVE-2019-15117).
Also, vulnerabilities were detected in the drivers Raremono AM / FM / SW, USB Rio 500, CPiA2 video4linux, Softmac USB Prism54, ZR364XX USB, Siano USB MDTV, Line 6 POD USB and USB Line 6. Vulnerability also affected specification of the BR / EDR Bluetooth protocol.
Read also: Bug in iOS 13 interferes with Touch ID
Exploitation of vulnerabilities allows attackers to steal important information if they are in the proximity to the device, cause a system malfunction, or even execute arbitrary code.
The update also fixes a vulnerability in the implementation of Bluetooth UART, due to which an attacker could cause denial of service and reading outside the buffer (Out-of-bounds Read) in the QLIic iSCSI QEDI Initiator driver, allowing access to confidential information (kernel memory). Exploiting vulnerabilities in the XFS file system, Hisilicon HNS3 Ethernet driver, and Atheros driver can cause a denial of service.