Ubuntu update for linux-oem-5.6



Risk Medium
Patch available YES
Number of vulnerabilities 20
CVE-ID CVE-2020-10135
CVE-2020-14314
CVE-2020-15436
CVE-2020-15437
CVE-2020-24490
CVE-2020-25212
CVE-2020-25284
CVE-2020-25641
CVE-2020-25643
CVE-2020-25704
CVE-2020-27152
CVE-2020-27815
CVE-2020-28588
CVE-2020-28915
CVE-2020-29368
CVE-2020-29369
CVE-2020-29371
CVE-2020-29660
CVE-2020-29661
CVE-2020-35508
CWE-ID CWE-300
CWE-125
CWE-416
CWE-476
CWE-119
CWE-367
CWE-863
CWE-835
CWE-401
CWE-681
CWE-126
CWE-787
CWE-362
CWE-667
CWE-665
Exploitation vector Network
Public exploit Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #19 is available.
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

linux-image-oem-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.6.0-1048-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 20 vulnerabilities.

1) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU28001

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-10135

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a Man-in-the-Middle (MitM) attack.

The vulnerability exists in the implementation of Bluetooth v5.0, v4.2, v4.1, v4.0 on devices manufactured by multiple vendors. A remote attacker with physical proximity to the victim can successful perform a MitM attack even against previously paired devices and gain access to sensitive information.

Below is the list of chips and devices, confirmed to be vulnerable:

Chip Device
Bluetooth v5.0
Apple 339S00397 iPhone 8
CYW20819 CYW920819EVB-02
Intel 9560 ThinkPad L390
Snapdragon 630 Nokia 7
Snapdragon 636 Nokia X6
Snapdragon 835 Pixel 2
Snapdragon 845 Pixel 3, OnePlus 6
Bluetooth v4.2
Apple 339S00056 MacBookPro 2017
Apple 339S00199 iPhone 7plus
Apple 339S00448 iPad 2018
CSR 11393 Sennheiser PXC 550
Exynos 7570 Galaxy J3 2017
Intel 7265 ThinkPad X1 3rd
Intel 8260 HP ProBook 430 G3
Bluetooth v4.1
CYW4334 iPhone 5s
CYW4339 Nexus 5, iPhone 6
CYW43438 RPi 3B+
Snapdragon 210 LG K4
Snapdragon 410 Motorola G3, Galaxy J5
Bluetooth <= v4.0
BCM20730 ThinkPad 41U5008
BCM4329B1 iPad MC349LL
CSR 6530 PLT BB903+
CSR 8648 Philips SHB7250
Exynos 3470 Galaxy S5 mini
Exynos 3475 Galaxy J3 2016
Intel 1280 Lenovo U430
Intel 6205 ThinkPad X230
Snapdragon 200 Lumia 530

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU47106

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-14314

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU51897

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-15436

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in fs/block_dev.c in the Linux kernel. A local user can run a specially crafted program to escalate privileges on the system.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Null pointer dereference

EUVDB-ID: #VU95685

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-15437

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU47549

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-24490

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within BlueZ  implementation in Linux kernel. A remote attacker on the local network can pass specially crated data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU51433

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25212

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a TOCTOU mismatch in the NFS client code in the Linux kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Incorrect authorization

EUVDB-ID: #VU92423

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25284

CWE-ID: CWE-863 - Incorrect Authorization

Exploit availability: No

Description

The vulnerability allows a local privileged user to manipulate data.

The vulnerability exists due to incorrect authorization error within the rbd_config_info_show(), rbd_image_refresh(), do_rbd_add() and do_rbd_remove() functions in drivers/block/rbd.c. A local privileged user can manipulate data.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Infinite loop

EUVDB-ID: #VU48941

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25641

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of biovecs in Linux kernel. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. A local user can issue requests to a block device and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU51881

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-25643

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the HDLC_PPP module of the Linux kernel in the ppp_cp_parse_cr() function. A remote authenticated user can trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory leak

EUVDB-ID: #VU55258

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25704

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Infinite loop

EUVDB-ID: #VU52034

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27152

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel. A local user can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU49169

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27815

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in fs/jfs/jfs_dmap.c. A local user can trigger out-of-bounds read error and crash the kernel.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Incorrect Conversion between Numeric Types

EUVDB-ID: #VU52687

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-28588

CWE-ID: CWE-681 - Incorrect Conversion between Numeric Types

Exploit availability: No

Description

The vulnerability allows a local attacker to gain unauthorized access to sensitive information on the system.

The vulnerability exists due to incorrect conversion between numeric types in the /proc/pid/syscall functionality. A local attacker can read /proc/pid/syscall to trigger this vulnerability, leading to the kernel leaking memory contents.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer Over-read

EUVDB-ID: #VU64793

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-28915

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a local user with physical access to perform a denial of service attack.

The vulnerability exists due to an out-of-bounds (OOB) memory access flaw in fbcon_get_font() function in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A local user with special user privilege and with physical access can gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds write

EUVDB-ID: #VU51549

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-29368

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input within the __split_huge_pmd() function in mm/huge_memory.c in the Linux kernel. A local user can abuse the copy-on-write implementation and gain unintended write access because of a race condition in a THP mapcount check.


Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Race condition

EUVDB-ID: #VU91491

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-29369

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a race condition within the unmap_region(), detach_vmas_to_be_unmapped() and __do_munmap() functions in mm/mmap.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory leak

EUVDB-ID: #VU90488

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-29371

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to memory leak within the romfs_dev_read() function in fs/romfs/storage.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU57039

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-29660

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to double-locking error in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c. An authenticated local user can exploit this vulnerability to perform a read-after-free attack against TIOCGSID and gain access to sensitive information.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper locking

EUVDB-ID: #VU51543

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2020-29661

CWE-ID: CWE-667 - Improper Locking

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a escalate privileges on the system.

The vulnerability exists due to locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. An local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

20) Improper Initialization

EUVDB-ID: #VU55259

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-35508

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization of the process id in the Linux kernel child/parent process identification handling while filtering signal handlers. A local user can run a specially crafted application to bypass checks to send any signal to a privileged process.

Mitigation

Update the affected package linux-oem-5.6 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04 (Ubuntu package): before 5.6.0.1048.44

linux-image-5.6.0-1048-oem (Ubuntu package): before 5.6.0-1048.52

CPE2.3 External links

http://ubuntu.com/security/notices/USN-4752-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###