bonsoir voilà
kiki@kiki-Aspire-F5-573G:~$ sudo canonical-livepatch status --verbose
[sudo] Mot de passe de kiki :
{
"Client-Version": "9.5.5",
"Architecture": "x86_64",
"CPU-Model": "Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz",
"Last-Check": "2021-01-21T14:11:51+01:00",
"Boot-Time": "2021-01-24T06:33:09Z",
"Uptime": "39181",
"Status": [
{
"Kernel": "5.4.0-52.57-generic",
"Running": true,
"Livepatch": {
"CheckState": "check-failed",
"CheckInfo": "apply-failed",
"State": "apply-failed",
"Version": "74.1",
"Fixes": [
{
"Name": "cve-2013-1798",
"Description": "The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux \nkernel through 3.8.4 does not properly handle a certain combination of \ninvalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which \nallows guest OS users to obtain sensitive information from host OS \nmemory or cause a denial of service (host OS OOPS) via a crafted \napplication.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2019-0155",
"Description": "Insufficient access control in a subsystem for Intel (R) processor \ngraphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) \nProcessor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold \nSeries; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; \nIntel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) \nProcessor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; \nIntel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or \n26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux \nDriver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, \n4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to \npotentially enable escalation of privilege via local access.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2019-0155:",
"Description": "",
"Bug": "1852141",
"Patched": true
},
{
"Name": "cve-2019-14615",
"Description": "Insufficient control flow in certain data structures for some Intel(R) \nProcessors with Intel(R) Processor Graphics may allow an \nunauthenticated user to potentially enable information disclosure via \nlocal access.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2019-14895",
"Description": "A heap-based buffer overflow was discovered in the Linux kernel, all \nversions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. \nThe flaw could occur when the station attempts a connection negotiation \nduring the handling of the remote devices country settings. This could \nallow the remote device to cause a denial of service (system crash) or \npossibly execute arbitrary code.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2019-14896",
"Description": "A heap-based buffer overflow vulnerability was found in the Linux \nkernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote \nattacker could cause a denial of service (system crash) or, possibly \nexecute arbitrary code, when the lbs_ibss_join_existing function is \ncalled after a STA connects to an AP.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2019-14897",
"Description": "A stack-based buffer overflow was found in the Linux kernel, version \nkernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to \ncause a denial of service (system crash) or, possibly execute arbitrary \ncode, when a STA works in IBSS mode (allows connecting stations \ntogether without the use of an AP) and connects to another STA.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2019-14901",
"Description": "A heap overflow flaw was found in the Linux kernel, all versions 3.x.x \nand 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability \nallows a remote attacker to cause a system crash, resulting in a denial \nof service, or execute arbitrary code. The highest threat with this \nvulnerability is with the availability of the system. If code execution \noccurs, the code will run with the permissions of root. This will \naffect both confidentiality and integrity of files on the system.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2019-18885",
"Description": "fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a \nbtrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs \nimage because fs_devices-\u003edevices is mishandled within find_device, aka \nCID-09ba3bc9dd15.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2019-19642",
"Description": "On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS \n02.68, the Virtual Media feature allows OS Command Injection by \nauthenticated attackers who can send HTTP requests to the IPMI IP \naddress. This requires a POST to /rpc/setvmdrive.asp with shell \nmetacharacters in ShareHost or ShareName. The attacker can achieve a \npersistent backdoor.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2019-20096",
"Description": "In the Linux kernel before 5.1, there is a memory leak in \n__feat_register_sp() in net/dccp/feat.c, which may cause denial of \nservice, aka CID-1d3ff0950e2b.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2019-3016",
"Description": "In a Linux KVM guest that has PV TLB enabled, a process in the guest \nkernel may be able to read memory locations from another process in the \nsame guest. This problem is limit to the host running linux kernel 4.10 \nwith a guest running linux kernel 4.16 or later. The problem mainly \naffects AMD processors but Intel CPUs cannot be ruled out.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-10757",
"Description": "A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the \nway mremap handled DAX Huge Pages. This flaw allows a local attacker \nwith access to a DAX enabled storage to escalate their privileges on \nthe system.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-11494",
"Description": "An issue was discovered in slc_bump in drivers/net/can/slcan.c in the \nLinux kernel 3.16 through 5.6.2. It allows attackers to read \nuninitialized can_frame data, potentially containing sensitive \ninformation from kernel stack memory, if the configuration lacks \nCONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-11935",
"Description": "cvelist lib tardir usr RESERVED cvelist lib tardir usr This candidate \nhas been reserved by an organization or individual that will use it \nwhen announcing a new security problem. When the candidate has been \npublicized, the details for this candidate will be provided.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-12114",
"Description": "A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x \nbefore 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x \nbefore 4.19.119, and 5.x before 5.3 allows local users to cause a \ndenial of service (panic) by corrupting a mountpoint reference counter.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-12351",
"Description": "Improper input validation in BlueZ may allow an unauthenticated user to \npotentially enable escalation of privilege via adjacent access.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-12352",
"Description": "Improper access control in BlueZ may allow an unauthenticated user to \npotentially enable information disclosure via adjacent access.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-14386",
"Description": "A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption \ncan be exploited to gain root privileges from unprivileged processes. \nThe highest threat from this vulnerability is to data confidentiality \nand integrity.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-14416",
"Description": "In the Linux kernel before 5.4.16, a race condition in tty-\u003edisc_data \nhandling in the slip and slcan line discipline could lead to a \nuse-after-free, aka CID-0ace17d56824. This affects \ndrivers/net/slip/slip.c and drivers/net/can/slcan.c.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-16119",
"Description": "Use-after-free vulnerability in the Linux kernel exploitable by a local \nattacker due to reuse of a DCCP socket with an attached \ndccps_hc_tx_ccid object as a listener after being released. Fixed in \nUbuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, \n4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-16120",
"Description": "cvelist lib tardir usr RESERVED cvelist lib tardir usr This candidate \nhas been reserved by an organization or individual that will use it \nwhen announcing a new security problem. When the candidate has been \npublicized, the details for this candidate will be provided.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-24490",
"Description": "cvelist lib tardir usr RESERVED cvelist lib tardir usr This candidate \nhas been reserved by an organization or individual that will use it \nwhen announcing a new security problem. When the candidate has been \npublicized, the details for this candidate will be provided.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-2732",
"Description": "A flaw was discovered in the way that the KVM hypervisor handled \ninstruction emulation for an L2 guest when nested virtualisation is \nenabled. Under some circumstances, an L2 guest may trick the L0 guest \ninto accessing sensitive L1 resources that should be inaccessible to \nthe L2 guest.\" \"** RESERVED cvelist lib tardir usr This candidate has \nbeen reserved by an organization or individual that will use it when \nannouncing a new security problem. When the candidate has been \npublicized, the details for this candidate will be provided.\" \"** \nRESERVED cvelist lib tardir usr This candidate has been reserved by an \norganization or individual that will use it when announcing a new \nsecurity problem. When the candidate has been publicized, the details \nfor this candidate will be provided.\" \"** RESERVED cvelist lib tardir \nusr This candidate has been reserved by an organization or individual \nthat will use it when announcing a new security problem. When the \ncandidate has been publicized, the details for this candidate will be \nprovided.\" \"** RESERVED cvelist lib tardir usr This candidate has been \nreserved by an organization or individual that will use it when \nannouncing a new security problem. When the candidate has been \npublicized, the details for this candidate will be provided.\" \"** \nRESERVED cvelist lib tardir usr This candidate has been reserved by an \norganization or individual that will use it when announcing a new \nsecurity problem. When the candidate has been publicized, the details \nfor this candidate will be provided.\" \"** RESERVED cvelist lib tardir \nusr This candidate has been reserved by an organization or individual \nthat will use it when announcing a new security problem. When the \ncandidate has been publicized, the details for this candidate will be \nprovided.\" \"** RESERVED cvelist lib tardir usr This candidate has been \nreserved by an organization or individual that will use it when \nannouncing a new security problem. When the candidate has been \npublicized, the details for this candidate will be provided.\" \"** \nRESERVED cvelist lib tardir usr This candidate has been reserved by an \norganization or individual that will use it when announcing a new \nsecurity problem. When the candidate has been publicized, the details \nfor this candidate will be provided.\" \"** RESERVED cvelist lib tardir \nusr This candidate has been reserved by an organization or individual \nthat will use it when announcing a new security problem. When the \ncandidate has been publicized, the details for this candidate will be \nprovided.\" \"** RESERVED cvelist lib tardir usr This candidate has been \nreserved by an organization or individual that will use it when \nannouncing a new security problem. When the candidate has been \npublicized, the details for this candidate will be provided.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-28374",
"Description": "In drivers/target/target_core_xcopy.c in the Linux kernel before \n5.10.7, insufficient identifier checking in the LIO SCSI target code \ncan be used by remote attackers to read or write files via directory \ntraversal in an XCOPY request, aka CID-2896c93811e3. For example, an \nattack can occur over a network if the attacker has access to one iSCSI \nLUN. The attacker gains control over file access because I/O operations \nare proxied via an attacker-selected backstore.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-8647",
"Description": "There is a use-after-free vulnerability in the Linux kernel through \n5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-8648",
"Description": "There is a use-after-free vulnerability in the Linux kernel through \n5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.",
"Bug": "",
"Patched": true
},
{
"Name": "cve-2020-8649",
"Description": "There is a use-after-free vulnerability in the Linux kernel through \n5.5.2 in the vgacon_invert_region function in \ndrivers/video/console/vgacon.c.",
"Bug": "",
"Patched": true
}
]
}
}
]
}
