Ubuntu update for linux



| Updated: 2025-04-23
Risk High
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2020-0423
CVE-2020-10135
CVE-2020-14351
CVE-2020-14390
CVE-2020-25211
CVE-2020-25284
CVE-2020-25643
CVE-2020-25645
CVE-2020-25705
CVE-2020-28915
CVE-2020-4788
CWE-ID CWE-20
CWE-300
CWE-416
CWE-125
CWE-119
CWE-863
CWE-319
CWE-330
CWE-126
CWE-200
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #9 is available.
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

linux-image-virtual-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-virtual (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-raspi2 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-raspi (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-osp1 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-lowlatency-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gke (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1028-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-raspi-hwe-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1023-raspi (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-virtual-hwe-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-snapdragon-hwe-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-lowlatency-hwe-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae-hwe-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-hwe-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-56-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-56-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-56-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1032-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1030-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1030-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1030-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU47453

Risk: High

CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2020-0423

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the Binder component in OS kernel. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-virtual (Ubuntu package): before 5.4.0.56.59

linux-image-raspi2 (Ubuntu package): before 5.4.0.1023.58

linux-image-raspi (Ubuntu package): before 5.4.0.1023.58

linux-image-oracle (Ubuntu package): before 5.4.0.1030.14

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.56.59

linux-image-oem (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency (Ubuntu package): before 5.4.0.56.59

linux-image-kvm (Ubuntu package): before 5.4.0.1028.26

linux-image-gke (Ubuntu package): before 5.4.0.1030.38

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic-lpae (Ubuntu package): before 5.4.0.56.59

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic (Ubuntu package): before 5.4.0.56.59

linux-image-gcp (Ubuntu package): before 5.4.0.1030.18

linux-image-azure (Ubuntu package): before 5.4.0.1032.14

linux-image-aws (Ubuntu package): before 5.4.0.1030.15

linux-image-5.4.0-1028-kvm (Ubuntu package): before 5.4.0-1028.29

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1023.27

linux-image-5.4.0-1023-raspi (Ubuntu package): before 5.4.0-1023.26~18.04.1

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-5.4.0-56-lowlatency (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic-lpae (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-1032-azure (Ubuntu package): before 5.4.0-1032.33~18.04.1

linux-image-5.4.0-1030-oracle (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-gcp (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-aws (Ubuntu package): before 5.4.0-1030.31~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4658-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU28001

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-10135

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a Man-in-the-Middle (MitM) attack.

The vulnerability exists in the implementation of Bluetooth v5.0, v4.2, v4.1, v4.0 on devices manufactured by multiple vendors. A remote attacker with physical proximity to the victim can successful perform a MitM attack even against previously paired devices and gain access to sensitive information.

Below is the list of chips and devices, confirmed to be vulnerable:

Chip Device
Bluetooth v5.0
Apple 339S00397 iPhone 8
CYW20819 CYW920819EVB-02
Intel 9560 ThinkPad L390
Snapdragon 630 Nokia 7
Snapdragon 636 Nokia X6
Snapdragon 835 Pixel 2
Snapdragon 845 Pixel 3, OnePlus 6
Bluetooth v4.2
Apple 339S00056 MacBookPro 2017
Apple 339S00199 iPhone 7plus
Apple 339S00448 iPad 2018
CSR 11393 Sennheiser PXC 550
Exynos 7570 Galaxy J3 2017
Intel 7265 ThinkPad X1 3rd
Intel 8260 HP ProBook 430 G3
Bluetooth v4.1
CYW4334 iPhone 5s
CYW4339 Nexus 5, iPhone 6
CYW43438 RPi 3B+
Snapdragon 210 LG K4
Snapdragon 410 Motorola G3, Galaxy J5
Bluetooth <= v4.0
BCM20730 ThinkPad 41U5008
BCM4329B1 iPad MC349LL
CSR 6530 PLT BB903+
CSR 8648 Philips SHB7250
Exynos 3470 Galaxy S5 mini
Exynos 3475 Galaxy J3 2016
Intel 1280 Lenovo U430
Intel 6205 ThinkPad X230
Snapdragon 200 Lumia 530

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-virtual (Ubuntu package): before 5.4.0.56.59

linux-image-raspi2 (Ubuntu package): before 5.4.0.1023.58

linux-image-raspi (Ubuntu package): before 5.4.0.1023.58

linux-image-oracle (Ubuntu package): before 5.4.0.1030.14

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.56.59

linux-image-oem (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency (Ubuntu package): before 5.4.0.56.59

linux-image-kvm (Ubuntu package): before 5.4.0.1028.26

linux-image-gke (Ubuntu package): before 5.4.0.1030.38

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic-lpae (Ubuntu package): before 5.4.0.56.59

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic (Ubuntu package): before 5.4.0.56.59

linux-image-gcp (Ubuntu package): before 5.4.0.1030.18

linux-image-azure (Ubuntu package): before 5.4.0.1032.14

linux-image-aws (Ubuntu package): before 5.4.0.1030.15

linux-image-5.4.0-1028-kvm (Ubuntu package): before 5.4.0-1028.29

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1023.27

linux-image-5.4.0-1023-raspi (Ubuntu package): before 5.4.0-1023.26~18.04.1

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-5.4.0-56-lowlatency (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic-lpae (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-1032-azure (Ubuntu package): before 5.4.0-1032.33~18.04.1

linux-image-5.4.0-1030-oracle (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-gcp (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-aws (Ubuntu package): before 5.4.0-1030.31~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4658-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU51544

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-14351

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the perf subsystem. A local user with permission to monitor perf events cam corrupt memory and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-virtual (Ubuntu package): before 5.4.0.56.59

linux-image-raspi2 (Ubuntu package): before 5.4.0.1023.58

linux-image-raspi (Ubuntu package): before 5.4.0.1023.58

linux-image-oracle (Ubuntu package): before 5.4.0.1030.14

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.56.59

linux-image-oem (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency (Ubuntu package): before 5.4.0.56.59

linux-image-kvm (Ubuntu package): before 5.4.0.1028.26

linux-image-gke (Ubuntu package): before 5.4.0.1030.38

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic-lpae (Ubuntu package): before 5.4.0.56.59

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic (Ubuntu package): before 5.4.0.56.59

linux-image-gcp (Ubuntu package): before 5.4.0.1030.18

linux-image-azure (Ubuntu package): before 5.4.0.1032.14

linux-image-aws (Ubuntu package): before 5.4.0.1030.15

linux-image-5.4.0-1028-kvm (Ubuntu package): before 5.4.0-1028.29

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1023.27

linux-image-5.4.0-1023-raspi (Ubuntu package): before 5.4.0-1023.26~18.04.1

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-5.4.0-56-lowlatency (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic-lpae (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-1032-azure (Ubuntu package): before 5.4.0-1032.33~18.04.1

linux-image-5.4.0-1030-oracle (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-gcp (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-aws (Ubuntu package): before 5.4.0-1030.31~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4658-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU47220

Risk: Medium

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-14390

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to an out-of-bounds read that occurs leading to memory corruption or a denial of service. This highest threat from this vulnerability is to system availability.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-virtual (Ubuntu package): before 5.4.0.56.59

linux-image-raspi2 (Ubuntu package): before 5.4.0.1023.58

linux-image-raspi (Ubuntu package): before 5.4.0.1023.58

linux-image-oracle (Ubuntu package): before 5.4.0.1030.14

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.56.59

linux-image-oem (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency (Ubuntu package): before 5.4.0.56.59

linux-image-kvm (Ubuntu package): before 5.4.0.1028.26

linux-image-gke (Ubuntu package): before 5.4.0.1030.38

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic-lpae (Ubuntu package): before 5.4.0.56.59

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic (Ubuntu package): before 5.4.0.56.59

linux-image-gcp (Ubuntu package): before 5.4.0.1030.18

linux-image-azure (Ubuntu package): before 5.4.0.1032.14

linux-image-aws (Ubuntu package): before 5.4.0.1030.15

linux-image-5.4.0-1028-kvm (Ubuntu package): before 5.4.0-1028.29

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1023.27

linux-image-5.4.0-1023-raspi (Ubuntu package): before 5.4.0-1023.26~18.04.1

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-5.4.0-56-lowlatency (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic-lpae (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-1032-azure (Ubuntu package): before 5.4.0-1032.33~18.04.1

linux-image-5.4.0-1030-oracle (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-gcp (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-aws (Ubuntu package): before 5.4.0-1030.31~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4658-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU51545

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25211

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to crash the system.

The vulnerability exists due to a boundary error within the ctnetlink_parse_tuple_filter() function in net/netfilter/nf_conntrack_netlink.c. A local user can inject conntrack netlink configuration, trigger buffer overflow and crash the kernel or force usage of incorrect protocol numbers.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-virtual (Ubuntu package): before 5.4.0.56.59

linux-image-raspi2 (Ubuntu package): before 5.4.0.1023.58

linux-image-raspi (Ubuntu package): before 5.4.0.1023.58

linux-image-oracle (Ubuntu package): before 5.4.0.1030.14

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.56.59

linux-image-oem (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency (Ubuntu package): before 5.4.0.56.59

linux-image-kvm (Ubuntu package): before 5.4.0.1028.26

linux-image-gke (Ubuntu package): before 5.4.0.1030.38

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic-lpae (Ubuntu package): before 5.4.0.56.59

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic (Ubuntu package): before 5.4.0.56.59

linux-image-gcp (Ubuntu package): before 5.4.0.1030.18

linux-image-azure (Ubuntu package): before 5.4.0.1032.14

linux-image-aws (Ubuntu package): before 5.4.0.1030.15

linux-image-5.4.0-1028-kvm (Ubuntu package): before 5.4.0-1028.29

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1023.27

linux-image-5.4.0-1023-raspi (Ubuntu package): before 5.4.0-1023.26~18.04.1

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-5.4.0-56-lowlatency (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic-lpae (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-1032-azure (Ubuntu package): before 5.4.0-1032.33~18.04.1

linux-image-5.4.0-1030-oracle (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-gcp (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-aws (Ubuntu package): before 5.4.0-1030.31~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4658-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Incorrect authorization

EUVDB-ID: #VU92423

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25284

CWE-ID: CWE-863 - Incorrect Authorization

Exploit availability: No

Description

The vulnerability allows a local privileged user to manipulate data.

The vulnerability exists due to incorrect authorization error within the rbd_config_info_show(), rbd_image_refresh(), do_rbd_add() and do_rbd_remove() functions in drivers/block/rbd.c. A local privileged user can manipulate data.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-virtual (Ubuntu package): before 5.4.0.56.59

linux-image-raspi2 (Ubuntu package): before 5.4.0.1023.58

linux-image-raspi (Ubuntu package): before 5.4.0.1023.58

linux-image-oracle (Ubuntu package): before 5.4.0.1030.14

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.56.59

linux-image-oem (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency (Ubuntu package): before 5.4.0.56.59

linux-image-kvm (Ubuntu package): before 5.4.0.1028.26

linux-image-gke (Ubuntu package): before 5.4.0.1030.38

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic-lpae (Ubuntu package): before 5.4.0.56.59

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic (Ubuntu package): before 5.4.0.56.59

linux-image-gcp (Ubuntu package): before 5.4.0.1030.18

linux-image-azure (Ubuntu package): before 5.4.0.1032.14

linux-image-aws (Ubuntu package): before 5.4.0.1030.15

linux-image-5.4.0-1028-kvm (Ubuntu package): before 5.4.0-1028.29

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1023.27

linux-image-5.4.0-1023-raspi (Ubuntu package): before 5.4.0-1023.26~18.04.1

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-5.4.0-56-lowlatency (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic-lpae (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-1032-azure (Ubuntu package): before 5.4.0-1032.33~18.04.1

linux-image-5.4.0-1030-oracle (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-gcp (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-aws (Ubuntu package): before 5.4.0-1030.31~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4658-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU51881

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-25643

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the HDLC_PPP module of the Linux kernel in the ppp_cp_parse_cr() function. A remote authenticated user can trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-virtual (Ubuntu package): before 5.4.0.56.59

linux-image-raspi2 (Ubuntu package): before 5.4.0.1023.58

linux-image-raspi (Ubuntu package): before 5.4.0.1023.58

linux-image-oracle (Ubuntu package): before 5.4.0.1030.14

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.56.59

linux-image-oem (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency (Ubuntu package): before 5.4.0.56.59

linux-image-kvm (Ubuntu package): before 5.4.0.1028.26

linux-image-gke (Ubuntu package): before 5.4.0.1030.38

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic-lpae (Ubuntu package): before 5.4.0.56.59

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic (Ubuntu package): before 5.4.0.56.59

linux-image-gcp (Ubuntu package): before 5.4.0.1030.18

linux-image-azure (Ubuntu package): before 5.4.0.1032.14

linux-image-aws (Ubuntu package): before 5.4.0.1030.15

linux-image-5.4.0-1028-kvm (Ubuntu package): before 5.4.0-1028.29

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1023.27

linux-image-5.4.0-1023-raspi (Ubuntu package): before 5.4.0-1023.26~18.04.1

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-5.4.0-56-lowlatency (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic-lpae (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-1032-azure (Ubuntu package): before 5.4.0-1032.33~18.04.1

linux-image-5.4.0-1030-oracle (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-gcp (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-aws (Ubuntu package): before 5.4.0-1030.31~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4658-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Cleartext transmission of sensitive information

EUVDB-ID: #VU51546

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-25645

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to traffic passed between two Geneve endpoints with configured IPsec can be unencrypted for the specific UDP port. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-virtual (Ubuntu package): before 5.4.0.56.59

linux-image-raspi2 (Ubuntu package): before 5.4.0.1023.58

linux-image-raspi (Ubuntu package): before 5.4.0.1023.58

linux-image-oracle (Ubuntu package): before 5.4.0.1030.14

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.56.59

linux-image-oem (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency (Ubuntu package): before 5.4.0.56.59

linux-image-kvm (Ubuntu package): before 5.4.0.1028.26

linux-image-gke (Ubuntu package): before 5.4.0.1030.38

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic-lpae (Ubuntu package): before 5.4.0.56.59

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic (Ubuntu package): before 5.4.0.56.59

linux-image-gcp (Ubuntu package): before 5.4.0.1030.18

linux-image-azure (Ubuntu package): before 5.4.0.1032.14

linux-image-aws (Ubuntu package): before 5.4.0.1030.15

linux-image-5.4.0-1028-kvm (Ubuntu package): before 5.4.0-1028.29

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1023.27

linux-image-5.4.0-1023-raspi (Ubuntu package): before 5.4.0-1023.26~18.04.1

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-5.4.0-56-lowlatency (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic-lpae (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-1032-azure (Ubuntu package): before 5.4.0-1032.33~18.04.1

linux-image-5.4.0-1030-oracle (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-gcp (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-aws (Ubuntu package): before 5.4.0-1030.31~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4658-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use of insufficiently random values

EUVDB-ID: #VU49150

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-25705

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-virtual (Ubuntu package): before 5.4.0.56.59

linux-image-raspi2 (Ubuntu package): before 5.4.0.1023.58

linux-image-raspi (Ubuntu package): before 5.4.0.1023.58

linux-image-oracle (Ubuntu package): before 5.4.0.1030.14

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.56.59

linux-image-oem (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency (Ubuntu package): before 5.4.0.56.59

linux-image-kvm (Ubuntu package): before 5.4.0.1028.26

linux-image-gke (Ubuntu package): before 5.4.0.1030.38

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic-lpae (Ubuntu package): before 5.4.0.56.59

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic (Ubuntu package): before 5.4.0.56.59

linux-image-gcp (Ubuntu package): before 5.4.0.1030.18

linux-image-azure (Ubuntu package): before 5.4.0.1032.14

linux-image-aws (Ubuntu package): before 5.4.0.1030.15

linux-image-5.4.0-1028-kvm (Ubuntu package): before 5.4.0-1028.29

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1023.27

linux-image-5.4.0-1023-raspi (Ubuntu package): before 5.4.0-1023.26~18.04.1

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-5.4.0-56-lowlatency (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic-lpae (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-1032-azure (Ubuntu package): before 5.4.0-1032.33~18.04.1

linux-image-5.4.0-1030-oracle (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-gcp (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-aws (Ubuntu package): before 5.4.0-1030.31~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4658-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Buffer Over-read

EUVDB-ID: #VU64793

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-28915

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a local user with physical access to perform a denial of service attack.

The vulnerability exists due to an out-of-bounds (OOB) memory access flaw in fbcon_get_font() function in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A local user with special user privilege and with physical access can gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-virtual (Ubuntu package): before 5.4.0.56.59

linux-image-raspi2 (Ubuntu package): before 5.4.0.1023.58

linux-image-raspi (Ubuntu package): before 5.4.0.1023.58

linux-image-oracle (Ubuntu package): before 5.4.0.1030.14

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.56.59

linux-image-oem (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency (Ubuntu package): before 5.4.0.56.59

linux-image-kvm (Ubuntu package): before 5.4.0.1028.26

linux-image-gke (Ubuntu package): before 5.4.0.1030.38

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic-lpae (Ubuntu package): before 5.4.0.56.59

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic (Ubuntu package): before 5.4.0.56.59

linux-image-gcp (Ubuntu package): before 5.4.0.1030.18

linux-image-azure (Ubuntu package): before 5.4.0.1032.14

linux-image-aws (Ubuntu package): before 5.4.0.1030.15

linux-image-5.4.0-1028-kvm (Ubuntu package): before 5.4.0-1028.29

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1023.27

linux-image-5.4.0-1023-raspi (Ubuntu package): before 5.4.0-1023.26~18.04.1

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-5.4.0-56-lowlatency (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic-lpae (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-1032-azure (Ubuntu package): before 5.4.0-1032.33~18.04.1

linux-image-5.4.0-1030-oracle (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-gcp (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-aws (Ubuntu package): before 5.4.0-1030.31~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4658-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU48577

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-4788

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in IBM Power9 processors due to unspecified error. A local user can obtain sensitive information from the data in the L1 cache under extenuating circumstances.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-virtual (Ubuntu package): before 5.4.0.56.59

linux-image-raspi2 (Ubuntu package): before 5.4.0.1023.58

linux-image-raspi (Ubuntu package): before 5.4.0.1023.58

linux-image-oracle (Ubuntu package): before 5.4.0.1030.14

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.56.59

linux-image-oem (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-lowlatency (Ubuntu package): before 5.4.0.56.59

linux-image-kvm (Ubuntu package): before 5.4.0.1028.26

linux-image-gke (Ubuntu package): before 5.4.0.1030.38

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic-lpae (Ubuntu package): before 5.4.0.56.59

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.4.0.56.59

linux-image-generic (Ubuntu package): before 5.4.0.56.59

linux-image-gcp (Ubuntu package): before 5.4.0.1030.18

linux-image-azure (Ubuntu package): before 5.4.0.1032.14

linux-image-aws (Ubuntu package): before 5.4.0.1030.15

linux-image-5.4.0-1028-kvm (Ubuntu package): before 5.4.0-1028.29

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1023.27

linux-image-5.4.0-1023-raspi (Ubuntu package): before 5.4.0-1023.26~18.04.1

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.56.62~18.04.50

linux-image-5.4.0-56-lowlatency (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic-lpae (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic (Ubuntu package): before 5.4.0-56.62~18.04.1

linux-image-5.4.0-1032-azure (Ubuntu package): before 5.4.0-1032.33~18.04.1

linux-image-5.4.0-1030-oracle (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-gcp (Ubuntu package): before 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-aws (Ubuntu package): before 5.4.0-1030.31~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4658-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###