Ubuntu update for linux

1) Improper access control

EUVDB-ID: #VU48371

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-8694

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the Linux kernel driver. A local user can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.

Affected products:

Product Collection	Vertical Segment	CPUID
8th Generation Intel® Core™ Processor Family	Mobile	806E9
10th Generation Intel® Core™ Processor Family	Mobile	806EC
8th Generation Intel® Core™ Processor Family	Mobile	906EA
9th Generation Intel® Core™ Processor Family	Mobile	906EC
8th Generation Intel® Core™ Processor Family	Desktop	906EA
9th Generation Intel® Core™ Processor Family	Desktop	906EC
Intel® Xeon® Processor E Family	Server Workstation AMT Server	906EA
8th Generation Intel® Core™ Processor Family	Mobile	806EA
8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series	Desktop	906EB
Intel® Xeon® Processor E Family	Server Workstation AMT Server	906EA
8th Generation Intel® Core™ Processor Family	Desktop	906EA
9th Generation Intel® Core™ Processor Family	Desktop	906ED
9th Generation Intel® Core™ Processor Family	Desktop	906ED
10th Generation Intel® Core™ Processor Family	Mobile	A0660
10th Generation Intel® Core™ Processor Family	Mobile	A0661
10th Generation Intel® Core™ Processor Family	Mobile	806EC
10th Generation Intel® Core™ Processor Family	Desktop	A0653
10th Generation Intel® Core™ Processor Family	Mobile	A0655
10th Generation Intel® Core™ Processor Family	Mobile	A0652
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series	Desktop Mobile Embedded	706A1
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series	Desktop Mobile Embedded	706A8
10th Generation Intel® Core™ Processor Family	Mobile	706E5
8th Generation Intel® Core™ Processor Family	Mobile	906E9
7th Generation Intel® Core™ Processor Family	Mobile Embedded	906E9
8th Generation Intel® Core™  Processor Family	Mobile	806EA
7th Generation Intel® Core™ Processor Family	Desktop Embedded	906E9
7th Generation Intel® Core™ Processor Family	Mobile	806E9
7th Generation Intel® Core™ Processor Family	Mobile	806E9
Intel® Core™ X-series Processors	Desktop	906E9
Intel® Xeon® Processor E3 v6 Family	Server Workstation AMT Server	906E9
7th Generation Intel® Core™ Processor Family	Mobile	806E9
6th Generation Intel® Core™ Processor Family	Mobile	506E3
6th Generation Intel® Core™ Processor Family	Desktop Embedded	506E3
6th Generation Intel® Core™ Processors	Mobile	406E3
6th Generation Intel® Core™ Processor Family	Mobile	406E3
Intel® Xeon® Processor E3 v5 Family	Server Workstation AMT Server	506E3
6th Generation Intel® Core™ Processor Family	Mobile	406E3
8th Generation Intel® Core™ Processors	Mobile	806EB
8th Generation Intel® Core™ Processors	Mobile	806EC

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 12.04 - 20.04

linux-image-generic-lts-trusty (Ubuntu package): before 3.13.0.183.169

linux-image-generic-lpae-lts-trusty (Ubuntu package): before 3.13.0.183.169

linux-image-virtual-lts-xenial (Ubuntu package): before 4.4.0.194.170

linux-image-server (Ubuntu package): before 3.13.0.183.192

linux-image-powerpc64-smp-lts-xenial (Ubuntu package): before 4.4.0.194.170

linux-image-powerpc64-emb-lts-xenial (Ubuntu package): before 4.4.0.194.170

linux-image-powerpc-smp-lts-xenial (Ubuntu package): before 4.4.0.194.170

linux-image-powerpc-e500mc-lts-xenial (Ubuntu package): before 4.4.0.194.170

linux-image-powerpc-e500 (Ubuntu package): before 3.13.0.183.192

linux-image-omap (Ubuntu package): before 3.13.0.183.192

linux-image-lowlatency-pae (Ubuntu package): before 3.13.0.183.192

linux-image-lowlatency-lts-xenial (Ubuntu package): before 4.4.0.194.170

linux-image-highbank (Ubuntu package): before 3.13.0.183.192

linux-image-generic-pae (Ubuntu package): before 3.13.0.183.192

linux-image-generic-lts-xenial (Ubuntu package): before 4.4.0.194.170

linux-image-generic-lpae-lts-xenial (Ubuntu package): before 4.4.0.194.170

linux-image-3.13.0-183-powerpc64-smp (Ubuntu package): before 3.13.0-183.234

linux-image-3.13.0-183-powerpc64-emb (Ubuntu package): before 3.13.0-183.234

linux-image-3.13.0-183-powerpc-smp (Ubuntu package): before 3.13.0-183.234

linux-image-3.13.0-183-powerpc-e500mc (Ubuntu package): before 3.13.0-183.234

linux-image-3.13.0-183-powerpc-e500 (Ubuntu package): before 3.13.0-183.234

linux-image-3.13.0-183-lowlatency (Ubuntu package): before 3.13.0-183.234~12.04.1

linux-image-3.13.0-183-generic-lpae (Ubuntu package): before 3.13.0-183.234~12.04.1

linux-image-3.13.0-183-generic (Ubuntu package): before 3.13.0-183.234~12.04.1

linux-image-powerpc64-smp (Ubuntu package): before 3.13.0.183.192

linux-image-powerpc64-emb (Ubuntu package): before 3.13.0.183.192

linux-image-powerpc-smp (Ubuntu package): before 3.13.0.183.192

linux-image-powerpc-e500mc (Ubuntu package): before 3.13.0.183.192

linux-image-4.4.0-194-powerpc64-smp (Ubuntu package): before 4.4.0-194.226~14.04.1

linux-image-4.4.0-194-powerpc64-emb (Ubuntu package): before 4.4.0-194.226~14.04.1

linux-image-4.4.0-194-powerpc-smp (Ubuntu package): before 4.4.0-194.226~14.04.1

linux-image-4.4.0-194-powerpc-e500mc (Ubuntu package): before 4.4.0-194.226~14.04.1

linux-image-4.4.0-194-lowlatency (Ubuntu package): before 4.4.0-194.226~14.04.1

linux-image-4.4.0-194-generic-lpae (Ubuntu package): before 4.4.0-194.226~14.04.1

linux-image-4.4.0-194-generic (Ubuntu package): before 4.4.0-194.226~14.04.1

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.4.0.53.56

linux-image-virtual (Ubuntu package): before 3.13.0.183.192

linux-image-oracle (Ubuntu package): before 4.15.0.1058.47

linux-image-oem-osp1 (Ubuntu package): before 5.0.0.1071.69

linux-image-oem (Ubuntu package): before 4.15.0.123.123

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.4.0.53.56

linux-image-lowlatency (Ubuntu package): before 3.13.0.183.192

linux-image-gke (Ubuntu package): before 4.15.0.1073.77

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.4.0.53.56

linux-image-generic-lpae (Ubuntu package): before 3.13.0.183.192

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.4.0.53.56

linux-image-generic (Ubuntu package): before 3.13.0.183.192

linux-image-gcp (Ubuntu package): before 4.15.0.1087.88

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.53.59~18.04.47

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.53.59~18.04.47

linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1058.68

linux-image-oracle-edge (Ubuntu package): before 5.4.0.1029.13

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.53.59~18.04.47

linux-image-gkeop-5.3 (Ubuntu package): before 5.3.0.69.126

linux-image-gke-5.3 (Ubuntu package): before 5.3.0.1039.22

linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1073.77

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.53.59~18.04.47

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.53.59~18.04.47

linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1087.105

linux-image-gcp-edge (Ubuntu package): before 5.4.0.1029.17

linux-image-5.4.0-53-lowlatency (Ubuntu package): before 5.4.0-53.59~18.04.1

linux-image-5.4.0-53-generic-lpae (Ubuntu package): before 5.4.0-53.59~18.04.1

linux-image-5.4.0-53-generic (Ubuntu package): before 5.4.0-53.59~18.04.1

linux-image-5.4.0-1029-oracle (Ubuntu package): before 5.4.0-1029.31~18.04.1

linux-image-5.4.0-1029-gcp (Ubuntu package): before 5.4.0-1029.31~18.04.1

linux-image-5.3.0-69-lowlatency (Ubuntu package): before 5.3.0-69.65

linux-image-5.3.0-69-generic (Ubuntu package): before 5.3.0-69.65

linux-image-5.3.0-1039-gke (Ubuntu package): before 5.3.0-1039.42

linux-image-5.0.0-1071-oem-osp1 (Ubuntu package): before 5.0.0-1071.77

linux-image-4.15.0-123-lowlatency (Ubuntu package): before 4.15.0-123.126~16.04.1

linux-image-4.15.0-123-generic-lpae (Ubuntu package): before 4.15.0-123.126~16.04.1

linux-image-4.15.0-123-generic (Ubuntu package): before 4.15.0-123.126~16.04.1

linux-image-4.15.0-1101-oem (Ubuntu package): before 4.15.0-1101.112

linux-image-4.15.0-1087-gcp (Ubuntu package): before 4.15.0-1087.100~16.04.1

linux-image-4.15.0-1073-gke (Ubuntu package): before 4.15.0-1073.78

linux-image-4.15.0-1058-oracle (Ubuntu package): before 4.15.0-1058.64~16.04.1

linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.123.123

linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.123.123

linux-image-generic-lpae-hwe-16.04 (Ubuntu package): before 4.15.0.123.123

linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.123.123

CPE2.3

• cpe:2.3:o:canonical:ubuntu:12.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-generic-lts-trusty:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-generic-lpae-lts-trusty_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-server:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-powerpc64-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-powerpc64-emb-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-powerpc-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-powerpc-e500mc-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-powerpc-e500_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-omap_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-lowlatency-pae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-highbank_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-generic-pae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-generic-lpae-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-3_13_0-183-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-3_13_0-183-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-3_13_0-183-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-3_13_0-183-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-3_13_0-183-powerpc-e500_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-3_13_0-183-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-3_13_0-183-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-3_13_0-183-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.4.0-194-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.4.0-194-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.4.0-194-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.4.0-194-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.4.0-194-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.4.0-194-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.4.0-194-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-virtual-hwe-20.04:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-lowlatency-hwe-20.04:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-generic-lpae-hwe-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-generic-hwe-20.04:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-oracle-edge_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-gkeop-5.3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-gke-5.3_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-gke-4.15_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-generic-lpae-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-gcp-edge_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.4.0-53-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.4.0-53-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.4.0-53-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.4.0-1029-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.4.0-1029-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.3.0-69-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.3.0-69-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.3.0-1039-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.0.0-1071-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.15.0-123-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.15.0-123-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.15.0-123-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.15.0-1101-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.15.0-1087-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.15.0-1073-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-4.15.0-1058-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-generic-lpae-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-4627-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.