Oval Definition:oval:com.ubuntu.bionic:def:2019190670000000
Revision Date:2019-11-18Version:1
Title:CVE-2019-19067 on Ubuntu 18.04 LTS (bionic) - low.
Description:** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading. It was discovered that the AMD Audio CoProcessor Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion).
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-19067
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND Package Information
  • linux package in bionic is affected and needs fixing.
  • OR linux-aws package in bionic is affected and needs fixing.
  • OR linux-aws-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1023.26~18.04.1').
  • OR linux-azure package in bionic was vulnerable but has been fixed (note: '5.0.0-1028.30~18.04.1').
  • OR linux-azure-5.3 package in bionic was vulnerable but has been fixed (note: '5.3.0-1008.9~18.04.1').
  • OR linux-gcp package in bionic was vulnerable but has been fixed (note: '5.0.0-1028.29~18.04.1').
  • OR linux-gcp-5.3 package in bionic was vulnerable but has been fixed (note: '5.3.0-1009.10~18.04.1').
  • OR linux-gke-4.15 package in bionic is affected and needs fixing.
  • OR linux-gke-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1027.28~18.04.1').
  • OR linux-gke-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1011.12~18.04.1').
  • OR linux-hwe package in bionic was vulnerable but has been fixed (note: '5.3.0-26.28~18.04.1').
  • OR linux-kvm package in bionic is affected and needs fixing.
  • OR linux-meta package in bionic is affected and needs fixing.
  • OR linux-meta-aws package in bionic is affected and needs fixing.
  • OR linux-meta-aws-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1023.26~18.04.1').
  • OR linux-meta-azure package in bionic was vulnerable but has been fixed (note: '5.0.0-1028.30~18.04.1').
  • OR linux-meta-azure-5.3 package in bionic was vulnerable but has been fixed (note: '5.3.0-1008.9~18.04.1').
  • OR linux-meta-gcp package in bionic was vulnerable but has been fixed (note: '5.0.0-1028.29~18.04.1').
  • OR linux-meta-gcp-5.3 package in bionic was vulnerable but has been fixed (note: '5.3.0-1009.10~18.04.1').
  • OR linux-meta-gke-4.15 package in bionic is affected and needs fixing.
  • OR linux-meta-gke-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1027.28~18.04.1').
  • OR linux-meta-gke-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1011.12~18.04.1').
  • OR linux-meta-hwe package in bionic was vulnerable but has been fixed (note: '5.3.0-26.28~18.04.1').
  • OR linux-meta-kvm package in bionic is affected and needs fixing.
  • OR linux-meta-oem package in bionic is affected and needs fixing.
  • OR linux-meta-oem-osp1 package in bionic was vulnerable but has been fixed (note: '5.0.0-1033.38').
  • OR linux-meta-oracle package in bionic is affected and needs fixing.
  • OR linux-meta-oracle-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1009.14~18.04.1').
  • OR linux-meta-raspi2 package in bionic is affected and needs fixing.
  • OR linux-meta-raspi2-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1017.19~18.04.1').
  • OR linux-meta-snapdragon package in bionic is affected and needs fixing.
  • OR linux-oem package in bionic is affected and needs fixing.
  • OR linux-oem-osp1 package in bionic was vulnerable but has been fixed (note: '5.0.0-1033.38').
  • OR linux-oracle package in bionic is affected and needs fixing.
  • OR linux-oracle-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1009.14~18.04.1').
  • OR linux-raspi2 package in bionic is affected and needs fixing.
  • OR linux-raspi2-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1017.19~18.04.1').
  • OR linux-signed package in bionic is affected and needs fixing.
  • OR linux-signed-azure package in bionic was vulnerable but has been fixed (note: '5.0.0-1028.30~18.04.1').
  • OR linux-signed-azure-5.3 package in bionic was vulnerable but has been fixed (note: '5.3.0-1008.9~18.04.1').
  • OR linux-signed-gcp package in bionic was vulnerable but has been fixed (note: '5.0.0-1028.29~18.04.1').
  • OR linux-signed-gcp-5.3 package in bionic was vulnerable but has been fixed (note: '5.3.0-1009.10~18.04.1').
  • OR linux-signed-gke-4.15 package in bionic is affected and needs fixing.
  • OR linux-signed-gke-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1027.28~18.04.1').
  • OR linux-signed-gke-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1011.12~18.04.1').
  • OR linux-signed-hwe package in bionic was vulnerable but has been fixed (note: '5.3.0-26.28~18.04.1').
  • OR linux-signed-oem package in bionic is affected and needs fixing.
  • OR linux-signed-oem-osp1 package in bionic was vulnerable but has been fixed (note: '5.0.0-1033.38').
  • OR linux-signed-oracle package in bionic is affected and needs fixing.
  • OR linux-signed-oracle-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1009.14~18.04.1').
  • OR linux-snapdragon package in bionic is affected and needs fixing.
    • BACK