Details of VAR-201911-1413

ID

VAR-201911-1413

CVE

CVE-2019-19060

TITLE

Linux Kernel Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-011971

DESCRIPTION

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. Linux Kernel Contains a resource exhaustion vulnerability. Vendors have confirmed this vulnerability CID-ab612b1daf41 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. ========================================================================= Ubuntu Security Notice USN-4226-1 January 07, 2020 linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-aws-5.0: Linux kernel for Amazon Web Services (AWS) systems - linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems - linux-oem-osp1: Linux kernel for OEM processors - linux-oracle-5.0: Linux kernel for Oracle Cloud systems Details: Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. (CVE-2019-10220) It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897) It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231) It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133) Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660) It was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. (CVE-2019-19045) It was discovered that the VirtualBox guest driver implementation in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19048) It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. (CVE-2019-19052) It was discovered that the netlink-based 802.11 configuration interface in the Linux kernel did not deallocate memory in certain error conditions. (CVE-2019-19055) It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19060) It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19065) It was discovered that the AMD Audio CoProcessor Driver for the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19067) It was discovered that the event tracing subsystem of the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19072) It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19075) It was discovered that the AMD Display Engine Driver in the Linux kernel did not properly deallocate memory in certain error conditions. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2019-19524) It was discovered that the NXP PN533 NFC USB driver in the Linux kernel did not properly free resources after a late probe error, leading to a use- after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19526) It was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19529) It was discovered that multiple USB HID device drivers in the Linux kernel did not properly validate device metadata on attachment, leading to out-of- bounds writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19532) It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534) It was discovered that in some situations the fair scheduler in the Linux kernel did not permit a process to use its full quota time slice. A local attacker could use this to cause a denial of service. (CVE-2019-19922) It was discovered that the binder IPC implementation in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-2214) Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075) It was discovered that the DesignWare USB3 controller driver in the Linux kernel did not properly deallocate memory in some error conditions. (CVE-2019-18813) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: linux-image-5.0.0-1009-oracle 5.0.0-1009.14 linux-image-5.0.0-1023-aws 5.0.0-1023.26 linux-image-5.0.0-1024-kvm 5.0.0-1024.26 linux-image-5.0.0-1024-raspi2 5.0.0-1024.25 linux-image-5.0.0-1028-azure 5.0.0-1028.30 linux-image-5.0.0-1028-gcp 5.0.0-1028.29 linux-image-5.0.0-38-generic 5.0.0-38.41 linux-image-5.0.0-38-generic-lpae 5.0.0-38.41 linux-image-5.0.0-38-lowlatency 5.0.0-38.41 linux-image-aws 5.0.0.1023.25 linux-image-azure 5.0.0.1028.28 linux-image-gcp 5.0.0.1028.53 linux-image-generic 5.0.0.38.40 linux-image-generic-lpae 5.0.0.38.40 linux-image-gke 5.0.0.1028.53 linux-image-kvm 5.0.0.1024.25 linux-image-lowlatency 5.0.0.38.40 linux-image-oracle 5.0.0.1009.35 linux-image-raspi2 5.0.0.1024.22 linux-image-virtual 5.0.0.38.40 Ubuntu 18.04 LTS: linux-image-5.0.0-1009-oracle 5.0.0-1009.14~18.04.1 linux-image-5.0.0-1023-aws 5.0.0-1023.26~18.04.1 linux-image-5.0.0-1027-gke 5.0.0-1027.28~18.04.1 linux-image-5.0.0-1028-azure 5.0.0-1028.30~18.04.1 linux-image-5.0.0-1033-oem-osp1 5.0.0-1033.38 linux-image-aws-edge 5.0.0.1023.37 linux-image-azure 5.0.0.1028.39 linux-image-gke-5.0 5.0.0.1027.16 linux-image-oem-osp1 5.0.0.1033.37 linux-image-oracle-edge 5.0.0.1009.8 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4226-1 CVE-2019-10220, CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901, CVE-2019-16231, CVE-2019-16233, CVE-2019-17075, CVE-2019-17133, CVE-2019-18660, CVE-2019-18813, CVE-2019-19045, CVE-2019-19048, CVE-2019-19052, CVE-2019-19055, CVE-2019-19060, CVE-2019-19065, CVE-2019-19067, CVE-2019-19072, CVE-2019-19075, CVE-2019-19083, CVE-2019-19524, CVE-2019-19526, CVE-2019-19529, CVE-2019-19532, CVE-2019-19534, CVE-2019-19922, CVE-2019-2214 Package Information: https://launchpad.net/ubuntu/+source/linux/5.0.0-38.41 https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1023.26 https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30 https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1028.29 https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1024.26 https://launchpad.net/ubuntu/+source/linux-oracle/5.0.0-1009.14 https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1024.25 https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1023.26~18.04.1 https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30~18.04.1 https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1027.28~18.04.1 https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1033.38 https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1009.14~18.04.1

Trust: 2.07

sources: NVD: CVE-2019-19060 // JVNDB: JVNDB-2019-011971 // VULHUB: VHN-151469 // VULMON: CVE-2019-19060 // PACKETSTORM: 155529 // PACKETSTORM: 155854 // PACKETSTORM: 157755

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	lt	version:	5.3.9	Trust: 1.8
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.60.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.20	Trust: 1.0
vendor:	netapp	model:	hci compute node	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.9.262	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.60	Trust: 1.0
vendor:	netapp	model:	hci baseboard management controller	scope:	eq	version:	h610s	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.40	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.40.3r2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.70.1	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.60.1	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.14.226	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.10	Trust: 1.0
vendor:	netapp	model:	solidfire\, enterprise sds \& hci storage node	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.50.2	Trust: 1.0
vendor:	netapp	model:	fas\/aff baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.15	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.25	Trust: 1.0
vendor:	netapp	model:	data availability services	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.30	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.30.5r3	Trust: 1.0
vendor:	netapp	model:	solidfire \& hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.5	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.20	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.40.5	Trust: 1.0
vendor:	netapp	model:	aff baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.70.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.04	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.50.1	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.19.82	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.4.262	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	3.8	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.60.3	Trust: 1.0
vendor:	netapp	model:	solidfire baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	broadcom	model:	brocade fabric operating system	scope:	eq	version:	-	Trust: 1.0

sources: JVNDB: JVNDB-2019-011971 // NVD: CVE-2019-19060

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19060
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-19060
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-1081
value:	HIGH
Trust: 0.6
VULHUB:	VHN-151469
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-19060
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-19060
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-151469
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-19060
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-19060
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-151469 // VULMON: CVE-2019-19060 // JVNDB: JVNDB-2019-011971 // CNNVD: CNNVD-201911-1081 // NVD: CVE-2019-19060

PROBLEMTYPE DATA

problemtype:	CWE-401	Trust: 1.1
problemtype:	CWE-400	Trust: 0.8

sources: VULHUB: VHN-151469 // JVNDB: JVNDB-2019-011971 // NVD: CVE-2019-19060

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1081

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1081

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011971

PATCH

title:	ChangeLog-5.3.9	url:	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9	Trust: 0.8
title:	iio: imu: adis16400: release allocated memory on failure	url:	https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0	Trust: 0.8
title:	Linux Kernel Archives	url:	http://www.kernel.org	Trust: 0.8
title:	Linux kernel Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103001	Trust: 0.6
title:	Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4210-1	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4364-1	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4208-1	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4226-1	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1627	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1627	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2019-19060	Trust: 0.1
title:	cve_diff_checker	url:	https://github.com/lcatro/cve_diff_checker	Trust: 0.1

sources: VULMON: CVE-2019-19060 // JVNDB: JVNDB-2019-011971 // CNNVD: CNNVD-201911-1081

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19060	Trust: 2.9
db:	PACKETSTORM	id:	157755	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-011971	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-1081	Trust: 0.7
db:	PACKETSTORM	id:	155529	Trust: 0.7
db:	PACKETSTORM	id:	155854	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.0851	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4793	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4539	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4346.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4704	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1768.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0830	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0141	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4584	Trust: 0.6
db:	VULHUB	id:	VHN-151469	Trust: 0.1
db:	VULMON	id:	CVE-2019-19060	Trust: 0.1

sources: VULHUB: VHN-151469 // VULMON: CVE-2019-19060 // JVNDB: JVNDB-2019-011971 // PACKETSTORM: 155529 // PACKETSTORM: 155854 // PACKETSTORM: 157755 // CNNVD: CNNVD-201911-1081 // NVD: CVE-2019-19060

REFERENCES

url:	https://usn.ubuntu.com/4210-1/	Trust: 2.5
url:	https://security.netapp.com/advisory/ntap-20191205-0001/	Trust: 1.8
url:	https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.3.9	Trust: 1.8
url:	https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html	Trust: 1.8
url:	https://usn.ubuntu.com/4208-1/	Trust: 1.8
url:	https://usn.ubuntu.com/4226-1/	Trust: 1.8
url:	https://usn.ubuntu.com/4364-1/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19060	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19060	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193381-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193316-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193317-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1768.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4539/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4704/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157755/ubuntu-security-notice-usn-4364-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/155529/ubuntu-security-notice-usn-4210-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4793/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0851/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4584/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0830/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-19060	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0141/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/linux-kernel-five-vulnerabilities-via-memory-leak-30908	Trust: 0.6
url:	https://packetstormsecurity.com/files/155854/ubuntu-security-notice-usn-4226-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4346.2/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19065	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17075	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17133	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19075	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/401.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2019-19060	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1051.51	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16746	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1049.52	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1065.75	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1050.53	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1056.58~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1030.33~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1069.76	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1052.56	Trust: 0.1
url:	https://usn.ubuntu.com/4210-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1030.33	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1056.58	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-72.81~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.15.0-72.81	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30~18.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19048	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1024.25	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16231	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1024.26	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1009.14~18.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16233	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18660	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1028.29	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19052	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1023.26	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10220	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19067	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19045	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2214	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19526	Trust: 0.1
url:	https://usn.ubuntu.com/4226-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1027.28~18.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19922	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14901	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/5.0.0-38.41	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19083	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19529	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19072	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1033.38	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/5.0.0-1009.14	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19055	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19534	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19532	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1023.26~18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.4.0-179.209	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11668	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1107.118	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11565	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11608	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11494	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11609	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1133.142	Trust: 0.1
url:	https://usn.ubuntu.com/4364-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1137.145	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10942	Trust: 0.1

CREDITS

Ubuntu

Trust: 0.9

sources: PACKETSTORM: 155529 // PACKETSTORM: 155854 // PACKETSTORM: 157755 // CNNVD: CNNVD-201911-1081

SOURCES

db:	VULHUB	id:	VHN-151469
db:	VULMON	id:	CVE-2019-19060
db:	JVNDB	id:	JVNDB-2019-011971
db:	PACKETSTORM	id:	155529
db:	PACKETSTORM	id:	155854
db:	PACKETSTORM	id:	157755
db:	CNNVD	id:	CNNVD-201911-1081
db:	NVD	id:	CVE-2019-19060

LAST UPDATE DATE

2024-08-14T13:19:00.351000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151469	date:	2023-01-19T00:00:00
db:	VULMON	id:	CVE-2019-19060	date:	2022-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-011971	date:	2019-11-21T00:00:00
db:	CNNVD	id:	CNNVD-201911-1081	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-19060	date:	2023-01-19T20:08:01.737

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151469	date:	2019-11-18T00:00:00
db:	VULMON	id:	CVE-2019-19060	date:	2019-11-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-011971	date:	2019-11-21T00:00:00
db:	PACKETSTORM	id:	155529	date:	2019-12-03T14:22:22
db:	PACKETSTORM	id:	155854	date:	2020-01-07T16:46:38
db:	PACKETSTORM	id:	157755	date:	2020-05-19T14:38:51
db:	CNNVD	id:	CNNVD-201911-1081	date:	2019-11-18T00:00:00
db:	NVD	id:	CVE-2019-19060	date:	2019-11-18T06:15:12.343