Ubuntu 18.10 : linux, linux-azure, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3903-1)
Medium Nessus Plugin ID 122668
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionJason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service (host system crash) or possibly execute arbitrary code in the host kernel.
Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. (CVE-2018-18397)
Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected packages.