SB2021041392 - Ubuntu update for linux-oem-5.10

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021041392

SB2021041392 - Ubuntu update for linux-oem-5.10

Published: April 13, 2021

Security Bulletin ID SB2021041392
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Null pointer dereference (CVE-ID: CVE-2020-25639)

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.


2) Allocation of resources without limits or throttling (CVE-ID: CVE-2021-28038)

The vulnerability allows a local user to a crash the entire system.

The vulnerability exists due to allocation of resources without limits or throttling error within the xenvif_tx_action() function in drivers/net/xen-netback/netback.c. A local user can a crash the entire system.


3) Missing authorization (CVE-ID: CVE-2021-28375)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to missing authorization error within the fastrpc_internal_invoke() function in drivers/misc/fastrpc.c. A local user can execute arbitrary code.


4) Excessive Iteration (CVE-ID: CVE-2021-28950)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive iteration in fs/fuse/fuse_i.h in the Linux kernel. A local user can run a specially crafted program to perform a denial of service attack.


Remediation

Install update from vendor's website.

References