SB2021022544 - Ubuntu update for linux-oem-5.6
Published: February 25, 2021 Updated: January 9, 2026
Description
This security bulletin contains information about 20 security vulnerabilities.
1) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2020-10135)
The vulnerability allows a remote attacker to perform a Man-in-the-Middle (MitM) attack.
The vulnerability exists in the implementation of Bluetooth v5.0, v4.2, v4.1 and v4.0 on devices manufactured by multiple vendors. A remote attacker within radio range of the victim can successfully perform a MitM attack, even against previously paired devices, and gain access to sensitive information.
Below is the list of chips and devices confirmed to be vulnerable:
| Chip | Device |
| --- | --- |
| Bluetooth v5.0 | |
| Apple 339S00397 | iPhone 8 |
| CYW20819 | CYW920819EVB-02 |
| Intel 9560 | ThinkPad L390 |
| Snapdragon 630 | Nokia 7 |
| Snapdragon 636 | Nokia X6 |
| Snapdragon 835 | Pixel 2 |
| Snapdragon 845 | Pixel 3, OnePlus 6 |
| Bluetooth v4.2 | |
| Apple 339S00056 | MacBookPro 2017 |
| Apple 339S00199 | iPhone 7plus |
| Apple 339S00448 | iPad 2018 |
| CSR 11393 | Sennheiser PXC 550 |
| Exynos 7570 | Galaxy J3 2017 |
| Intel 7265 | ThinkPad X1 3rd |
| Intel 8260 | HP ProBook 430 G3 |
| Bluetooth v4.1 | |
| CYW4334 | iPhone 5s |
| CYW4339 | Nexus 5, iPhone 6 |
| CYW43438 | RPi 3B+ |
| Snapdragon 210 | LG K4 |
| Snapdragon 410 | Motorola G3, Galaxy J5 |
| Bluetooth <= v4.0 | |
| BCM20730 | ThinkPad 41U5008 |
| BCM4329B1 | iPad MC349LL |
| CSR 6530 | PLT BB903+ |
| CSR 8648 | Philips SHB7250 |
| Exynos 3470 | Galaxy S5 mini |
| Exynos 3475 | Galaxy J3 2016 |
| Intel 1280 | Lenovo U430 |
| Intel 6205 | ThinkPad X230 |
| Snapdragon 200 | Lumia 530 |
2) Out-of-bounds read (CVE-ID: CVE-2020-14314)
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists.
3) Use-after-free (CVE-ID: CVE-2020-15436)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in fs/block_dev.c in the Linux kernel. A local user can run a specially crafted program to escalate privileges on the system.
4) Null pointer dereference (CVE-ID: CVE-2020-15437)
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in serial8250_isa_init_ports() in drivers/tty/serial/8250/8250_core.c. A local user can cause a denial of service by triggering use of the uninitialized p->serial_in pointer.
5) Buffer overflow (CVE-ID: CVE-2020-24490)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the Bluetooth (BlueZ) implementation in the Linux kernel. A remote attacker within Bluetooth range can pass specially crafted data to the system and perform a denial of service (DoS) attack.
6) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2020-25212)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a TOCTOU mismatch in the NFS client code in the Linux kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
7) Incorrect authorization (CVE-ID: CVE-2020-25284)
The vulnerability allows a local privileged user to manipulate data.
The vulnerability exists due to an incorrect authorization check within the rbd_config_info_show(), rbd_image_refresh(), do_rbd_add() and do_rbd_remove() functions in drivers/block/rbd.c. A local privileged user can manipulate data.
8) Infinite loop (CVE-ID: CVE-2020-25641)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect implementation of biovecs in Linux kernel. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. A local user can issue requests to a block device and perform a denial of service (DoS) attack.
9) Out-of-bounds read (CVE-ID: CVE-2020-25643)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the HDLC_PPP module of the Linux kernel in the ppp_cp_parse_cr() function. A remote attacker can trigger an out-of-bounds read and read the contents of kernel memory.
10) Memory leak (CVE-ID: CVE-2020-25704)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user can use this flaw to exhaust kernel memory, causing a denial of service.
11) Infinite loop (CVE-ID: CVE-2020-27152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop in ioapic_lazy_update_eoi() in arch/x86/kvm/ioapic.c in the Linux kernel. A local user can consume all available system resources and cause denial of service conditions.
12) Out-of-bounds read (CVE-ID: CVE-2020-27815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in fs/jfs/jfs_dmap.c. A local user can trigger out-of-bounds read error and crash the kernel.
13) Incorrect Conversion between Numeric Types (CVE-ID: CVE-2020-28588)
The vulnerability allows a local attacker to gain unauthorized access to sensitive information on the system.
The vulnerability exists due to incorrect conversion between numeric types in the /proc/pid/syscall functionality. A local attacker can read /proc/pid/syscall to trigger this vulnerability, leading to the kernel leaking memory contents.
14) Buffer Over-read (CVE-ID: CVE-2020-28915)
The vulnerability allows a local user with physical access to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds (OOB) memory access flaw in the fbcon_get_font() function in drivers/video/fbdev/core/fbcon.c in the fbcon driver module in the Linux kernel. A local user with the required privileges and physical access can read out-of-bounds memory, leading to a system crash or a leak of internal kernel information.
15) Out-of-bounds write (CVE-ID: CVE-2020-29368)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input within the __split_huge_pmd() function in mm/huge_memory.c in the Linux kernel. A local user can abuse the copy-on-write implementation and gain unintended write access because of a race condition in a THP mapcount check.
16) Race condition (CVE-ID: CVE-2020-29369)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a race condition within the unmap_region(), detach_vmas_to_be_unmapped() and __do_munmap() functions in mm/mmap.c. A local user can execute arbitrary code.
17) Memory leak (CVE-ID: CVE-2020-29371)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists because the romfs_dev_read() function in fs/romfs/storage.c leaks uninitialized kernel memory to user space. A local user can gain access to sensitive information.
18) Improper locking (CVE-ID: CVE-2020-29660)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c. An authenticated local user can exploit this vulnerability to perform a read-after-free attack against TIOCGSID and gain access to sensitive information.
19) Improper locking (CVE-ID: CVE-2020-29661)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. A local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.
20) Improper Initialization (CVE-ID: CVE-2020-35508)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization of the process id in the Linux kernel child/parent process identification handling while filtering signal handlers. A local user can run a specially crafted application to bypass checks to send any signal to a privileged process.
Remediation
Install the update from the vendor's website. Note that installing the updated kernel package does not protect the system until it has been rebooted into the new kernel.
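The following added check is not part of the bulletin or of Ubuntu's tooling: it confirms that the kernel actually running (from uname -r) is at or above the fixed release, which matters because a freshly installed kernel package is inactive until reboot. It compares the first four numeric fields of a kernel version string (major.minor.patch-ABI); the fixed version is an argument you take from the vendor's advisory, since this bulletin does not state it, and the 5.6.0-1048 values used below are placeholders rather than the real fixed release.

```shell
#!/bin/sh
# Added example (not from the bulletin): verify the running kernel ABI
# against a fixed version taken from the vendor's advisory.

# Reduce a kernel version string such as "5.6.0-1048-oem" (uname -r) or
# "5.6.0-1048.52" (package version) to its first four numeric fields:
# major minor patch abi. Missing fields are treated as 0.
kver_fields() {
    printf '%s\n' "$1" | sed 's/[^0-9]/ /g' | awk '{
        for (i = 1; i <= 4; i++)
            printf "%d%s", (i <= NF ? $i : 0), (i < 4 ? " " : "\n")
    }'
}

# Return 0 (true) if kernel version $1 is at or above version $2.
# Only the ABI fields are compared, because uname -r does not expose the
# package upload number (the ".52" part of a package version).
kver_ge() {
    r=$(kver_fields "$1")
    f=$(kver_fields "$2")
    i=1
    while [ "$i" -le 4 ]; do
        rv=$(printf '%s\n' "$r" | cut -d' ' -f"$i")
        fv=$(printf '%s\n' "$f" | cut -d' ' -f"$i")
        if [ "$rv" -gt "$fv" ]; then return 0; fi
        if [ "$rv" -lt "$fv" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0   # all four fields equal
}

# Report whether the running kernel is patched; the fixed version is an
# argument because this bulletin does not state it.
check_running_kernel() {
    fixed="$1"
    running=$(uname -r)
    if kver_ge "$running" "$fixed"; then
        echo "OK: running kernel $running is at or above fixed ABI $fixed"
        return 0
    fi
    echo "NOT PATCHED: running kernel $running is older than $fixed;" \
         "install the updated linux-oem-5.6 kernel and reboot into it"
    return 1
}

# Usage: ./check.sh <fixed-version>, e.g. a placeholder 5.6.0-1048.52
if [ $# -gt 0 ]; then
    check_running_kernel "$1"
fi
```

Run it as `sh check.sh <fixed-version>` after applying the update; a NOT PATCHED result after installing the package usually means the machine has not yet been rebooted into the new kernel.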