Ubuntu update for linux-aws-5.8



Risk: Low
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2020-26558, CVE-2021-0129, CVE-2021-28691, CVE-2021-3564, CVE-2021-3573, CVE-2021-38208
CWE-ID: CWE-254, CWE-284, CWE-416, CWE-415, CWE-476
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

linux-image-5.8.0-1040-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-1042-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-1039-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-1038-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU53579

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-26558

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an impersonation flaw in the Passkey Entry protocol. A remote attacker on the local network can perform a man-in-the-middle (MITM) attack and impersonate the initiating device without any previous knowledge.

Note: This vulnerability affects the following specifications:

  • BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2
  • BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2 
  • LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2

Mitigation

Update the affected package linux-aws-5.8 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.8.0-1040-azure (Ubuntu package): before 5.8.0-1040.43~20.04.1

linux-image-gcp (Ubuntu package): before 5.8.0.1039.14

linux-image-5.8.0-1042-aws (Ubuntu package): before 5.8.0-1042.44~20.04.1

linux-image-aws (Ubuntu package): before 5.8.0.1042.44~20.04.14

linux-image-oracle (Ubuntu package): before 5.8.0.1038.39~20.04.14

linux-image-azure (Ubuntu package): before 5.8.0.1040.43~20.04.12

linux-image-5.8.0-1039-gcp (Ubuntu package): before 5.8.0-1039.41

linux-image-5.8.0-1038-oracle (Ubuntu package): before 5.8.0-1038.39~20.04.1

External links

https://ubuntu.com/security/notices/USN-5050-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU54202

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-0129

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote authenticated attacker on the local network can bypass implemented security restrictions and enable information disclosure.

Mitigation

Update the affected package linux-aws-5.8 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.8.0-1040-azure (Ubuntu package): before 5.8.0-1040.43~20.04.1

linux-image-gcp (Ubuntu package): before 5.8.0.1039.14

linux-image-5.8.0-1042-aws (Ubuntu package): before 5.8.0-1042.44~20.04.1

linux-image-aws (Ubuntu package): before 5.8.0.1042.44~20.04.14

linux-image-oracle (Ubuntu package): before 5.8.0.1038.39~20.04.14

linux-image-azure (Ubuntu package): before 5.8.0.1040.43~20.04.12

linux-image-5.8.0-1039-gcp (Ubuntu package): before 5.8.0-1039.41

linux-image-5.8.0-1038-oracle (Ubuntu package): before 5.8.0-1038.39~20.04.1

External links

https://ubuntu.com/security/notices/USN-5050-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use after free

EUVDB-ID: #VU95679

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28691

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a guest-triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 by sending a malformed packet. Terminating that kernel thread leads to a use-after-free in Linux netback when the backend is destroyed: the kernel thread associated with queue 0 has already exited, so the call to kthread_stop is performed against a stale pointer.

Mitigation

Update the affected package linux-aws-5.8 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.8.0-1040-azure (Ubuntu package): before 5.8.0-1040.43~20.04.1

linux-image-gcp (Ubuntu package): before 5.8.0.1039.14

linux-image-5.8.0-1042-aws (Ubuntu package): before 5.8.0-1042.44~20.04.1

linux-image-aws (Ubuntu package): before 5.8.0.1042.44~20.04.14

linux-image-oracle (Ubuntu package): before 5.8.0.1038.39~20.04.14

linux-image-azure (Ubuntu package): before 5.8.0.1040.43~20.04.12

linux-image-5.8.0-1039-gcp (Ubuntu package): before 5.8.0-1039.41

linux-image-5.8.0-1038-oracle (Ubuntu package): before 5.8.0-1038.39~20.04.1

External links

https://ubuntu.com/security/notices/USN-5050-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Double Free

EUVDB-ID: #VU63660

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3564

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists because the Bluetooth subsystem in the Linux kernel does not properly handle HCI device detach events. An attacker with physical access to the system can trigger a double free error and perform a denial of service attack.

Mitigation

Update the affected package linux-aws-5.8 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.8.0-1040-azure (Ubuntu package): before 5.8.0-1040.43~20.04.1

linux-image-gcp (Ubuntu package): before 5.8.0.1039.14

linux-image-5.8.0-1042-aws (Ubuntu package): before 5.8.0-1042.44~20.04.1

linux-image-aws (Ubuntu package): before 5.8.0.1042.44~20.04.14

linux-image-oracle (Ubuntu package): before 5.8.0.1038.39~20.04.14

linux-image-azure (Ubuntu package): before 5.8.0.1040.43~20.04.12

linux-image-5.8.0-1039-gcp (Ubuntu package): before 5.8.0-1039.41

linux-image-5.8.0-1038-oracle (Ubuntu package): before 5.8.0-1038.39~20.04.1

External links

https://ubuntu.com/security/notices/USN-5050-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU63662

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3573

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate their privileges on the system.

The vulnerability exists due to a use-after-free in the hci_sock_bound_ioctl() function of the Linux kernel HCI subsystem, triggered by a race condition between the call hci_unregister_dev() and one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user can use this flaw to crash the system or escalate privileges on the system.

Mitigation

Update the affected package linux-aws-5.8 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.8.0-1040-azure (Ubuntu package): before 5.8.0-1040.43~20.04.1

linux-image-gcp (Ubuntu package): before 5.8.0.1039.14

linux-image-5.8.0-1042-aws (Ubuntu package): before 5.8.0-1042.44~20.04.1

linux-image-aws (Ubuntu package): before 5.8.0.1042.44~20.04.14

linux-image-oracle (Ubuntu package): before 5.8.0.1038.39~20.04.14

linux-image-azure (Ubuntu package): before 5.8.0.1040.43~20.04.12

linux-image-5.8.0-1039-gcp (Ubuntu package): before 5.8.0-1039.41

linux-image-5.8.0-1038-oracle (Ubuntu package): before 5.8.0-1038.39~20.04.1

External links

https://ubuntu.com/security/notices/USN-5050-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU63383

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-38208

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the net/nfc/llcp_sock.c component. A remote attacker can make a getsockname call and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws-5.8 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.8.0-1040-azure (Ubuntu package): before 5.8.0-1040.43~20.04.1

linux-image-gcp (Ubuntu package): before 5.8.0.1039.14

linux-image-5.8.0-1042-aws (Ubuntu package): before 5.8.0-1042.44~20.04.1

linux-image-aws (Ubuntu package): before 5.8.0.1042.44~20.04.14

linux-image-oracle (Ubuntu package): before 5.8.0.1038.39~20.04.14

linux-image-azure (Ubuntu package): before 5.8.0.1040.43~20.04.12

linux-image-5.8.0-1039-gcp (Ubuntu package): before 5.8.0-1039.41

linux-image-5.8.0-1038-oracle (Ubuntu package): before 5.8.0-1038.39~20.04.1

External links

https://ubuntu.com/security/notices/USN-5050-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
