Ubuntu update for linux



Risk Medium
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2020-27820
CVE-2021-3640
CVE-2021-3752
CVE-2021-3772
CVE-2021-4001
CVE-2021-4090
CVE-2021-4093
CVE-2021-4202
CVE-2021-42327
CVE-2021-42739
CWE-ID CWE-416
CWE-345
CWE-362
CWE-787
CWE-125
CWE-119
Exploitation vector Network
Public exploit Public exploit code for vulnerability #9 is available.
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

linux-image-raspi (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-20.04c (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-64k-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.11.0-1028-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.11.0-1028-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-lowlatency-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-virtual-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.11.0-1029-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-1029-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-64k (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-1016-raspi-nolpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-1016-raspi (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gke (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-1016-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-28-generic-64k (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-1013-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-raspi-nolpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-1011-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-28-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-28-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-28-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-1012-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-virtual (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU63322

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27820

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to a use-after-free error in nouveau's postclose() handler. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 21.10

linux-image-raspi (Ubuntu package): before 5.13.0.1016.21

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1029.31

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1028-azure (Ubuntu package): before 5.11.0-1028.31~20.04.2

linux-image-azure (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.11.0-1028-oracle (Ubuntu package): before 5.11.0-1028.31~20.04.1

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1029-gcp (Ubuntu package): before 5.11.0-1029.33~20.04.3

linux-image-5.13.0-1029-oem (Ubuntu package): before 5.13.0-1029.36

linux-image-lowlatency (Ubuntu package): before 5.13.0.28.38

linux-image-generic-64k (Ubuntu package): before 5.13.0.28.38

linux-image-generic-lpae (Ubuntu package): before 5.13.0.28.38

linux-image-kvm (Ubuntu package): before 5.13.0.1011.11

linux-image-5.13.0-1016-raspi-nolpae (Ubuntu package): before 5.13.0-1016.18

linux-image-oracle (Ubuntu package): before 5.11.0.1028.31~20.04.20

linux-image-gcp (Ubuntu package): before 5.11.0.1029.33~20.04.27

linux-image-5.13.0-1016-raspi (Ubuntu package): before 5.13.0-1016.18

linux-image-gke (Ubuntu package): before 5.13.0.1013.12

linux-image-5.13.0-1016-oracle (Ubuntu package): before 5.13.0-1016.20

linux-image-oem-20.04 (Ubuntu package): before 5.13.0.28.38

linux-image-5.13.0-28-generic-64k (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-1013-gcp (Ubuntu package): before 5.13.0-1013.16

linux-image-raspi-nolpae (Ubuntu package): before 5.13.0.1016.21

linux-image-5.13.0-1011-kvm (Ubuntu package): before 5.13.0-1011.12

linux-image-5.13.0-28-lowlatency (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic-lpae (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-aws (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.13.0-1012-aws (Ubuntu package): before 5.13.0-1012.13

linux-image-generic (Ubuntu package): before 5.13.0.28.38

linux-image-virtual (Ubuntu package): before 5.13.0.28.38

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5265-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU63769

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3640

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in sco_sock_sendmsg() function of the Linux kernel HCI subsystem. A privileged local user can call ioct UFFDIO_REGISTER or other way trigger race condition to escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 21.10

linux-image-raspi (Ubuntu package): before 5.13.0.1016.21

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1029.31

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1028-azure (Ubuntu package): before 5.11.0-1028.31~20.04.2

linux-image-azure (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.11.0-1028-oracle (Ubuntu package): before 5.11.0-1028.31~20.04.1

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1029-gcp (Ubuntu package): before 5.11.0-1029.33~20.04.3

linux-image-5.13.0-1029-oem (Ubuntu package): before 5.13.0-1029.36

linux-image-lowlatency (Ubuntu package): before 5.13.0.28.38

linux-image-generic-64k (Ubuntu package): before 5.13.0.28.38

linux-image-generic-lpae (Ubuntu package): before 5.13.0.28.38

linux-image-kvm (Ubuntu package): before 5.13.0.1011.11

linux-image-5.13.0-1016-raspi-nolpae (Ubuntu package): before 5.13.0-1016.18

linux-image-oracle (Ubuntu package): before 5.11.0.1028.31~20.04.20

linux-image-gcp (Ubuntu package): before 5.11.0.1029.33~20.04.27

linux-image-5.13.0-1016-raspi (Ubuntu package): before 5.13.0-1016.18

linux-image-gke (Ubuntu package): before 5.13.0.1013.12

linux-image-5.13.0-1016-oracle (Ubuntu package): before 5.13.0-1016.20

linux-image-oem-20.04 (Ubuntu package): before 5.13.0.28.38

linux-image-5.13.0-28-generic-64k (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-1013-gcp (Ubuntu package): before 5.13.0-1013.16

linux-image-raspi-nolpae (Ubuntu package): before 5.13.0.1016.21

linux-image-5.13.0-1011-kvm (Ubuntu package): before 5.13.0-1011.12

linux-image-5.13.0-28-lowlatency (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic-lpae (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-aws (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.13.0-1012-aws (Ubuntu package): before 5.13.0-1012.13

linux-image-generic (Ubuntu package): before 5.13.0.28.38

linux-image-virtual (Ubuntu package): before 5.13.0.28.38

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5265-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU63767

Risk: Low

CVSSv4.0: 4.8 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3752

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel’s Bluetooth subsystem when a user calls connect to the socket and disconnect simultaneously. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 21.10

linux-image-raspi (Ubuntu package): before 5.13.0.1016.21

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1029.31

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1028-azure (Ubuntu package): before 5.11.0-1028.31~20.04.2

linux-image-azure (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.11.0-1028-oracle (Ubuntu package): before 5.11.0-1028.31~20.04.1

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1029-gcp (Ubuntu package): before 5.11.0-1029.33~20.04.3

linux-image-5.13.0-1029-oem (Ubuntu package): before 5.13.0-1029.36

linux-image-lowlatency (Ubuntu package): before 5.13.0.28.38

linux-image-generic-64k (Ubuntu package): before 5.13.0.28.38

linux-image-generic-lpae (Ubuntu package): before 5.13.0.28.38

linux-image-kvm (Ubuntu package): before 5.13.0.1011.11

linux-image-5.13.0-1016-raspi-nolpae (Ubuntu package): before 5.13.0-1016.18

linux-image-oracle (Ubuntu package): before 5.11.0.1028.31~20.04.20

linux-image-gcp (Ubuntu package): before 5.11.0.1029.33~20.04.27

linux-image-5.13.0-1016-raspi (Ubuntu package): before 5.13.0-1016.18

linux-image-gke (Ubuntu package): before 5.13.0.1013.12

linux-image-5.13.0-1016-oracle (Ubuntu package): before 5.13.0-1016.20

linux-image-oem-20.04 (Ubuntu package): before 5.13.0.28.38

linux-image-5.13.0-28-generic-64k (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-1013-gcp (Ubuntu package): before 5.13.0-1013.16

linux-image-raspi-nolpae (Ubuntu package): before 5.13.0.1016.21

linux-image-5.13.0-1011-kvm (Ubuntu package): before 5.13.0-1011.12

linux-image-5.13.0-28-lowlatency (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic-lpae (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-aws (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.13.0-1012-aws (Ubuntu package): before 5.13.0-1012.13

linux-image-generic (Ubuntu package): before 5.13.0.28.38

linux-image-virtual (Ubuntu package): before 5.13.0.28.38

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5265-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Insufficient verification of data authenticity

EUVDB-ID: #VU63835

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-3772

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to insufficient verification of data authenticity in the Linux SCTP stack. A remote attacker can exploit this vulnerability to perform a denial of service attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 21.10

linux-image-raspi (Ubuntu package): before 5.13.0.1016.21

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1029.31

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1028-azure (Ubuntu package): before 5.11.0-1028.31~20.04.2

linux-image-azure (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.11.0-1028-oracle (Ubuntu package): before 5.11.0-1028.31~20.04.1

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1029-gcp (Ubuntu package): before 5.11.0-1029.33~20.04.3

linux-image-5.13.0-1029-oem (Ubuntu package): before 5.13.0-1029.36

linux-image-lowlatency (Ubuntu package): before 5.13.0.28.38

linux-image-generic-64k (Ubuntu package): before 5.13.0.28.38

linux-image-generic-lpae (Ubuntu package): before 5.13.0.28.38

linux-image-kvm (Ubuntu package): before 5.13.0.1011.11

linux-image-5.13.0-1016-raspi-nolpae (Ubuntu package): before 5.13.0-1016.18

linux-image-oracle (Ubuntu package): before 5.11.0.1028.31~20.04.20

linux-image-gcp (Ubuntu package): before 5.11.0.1029.33~20.04.27

linux-image-5.13.0-1016-raspi (Ubuntu package): before 5.13.0-1016.18

linux-image-gke (Ubuntu package): before 5.13.0.1013.12

linux-image-5.13.0-1016-oracle (Ubuntu package): before 5.13.0-1016.20

linux-image-oem-20.04 (Ubuntu package): before 5.13.0.28.38

linux-image-5.13.0-28-generic-64k (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-1013-gcp (Ubuntu package): before 5.13.0-1013.16

linux-image-raspi-nolpae (Ubuntu package): before 5.13.0.1016.21

linux-image-5.13.0-1011-kvm (Ubuntu package): before 5.13.0-1011.12

linux-image-5.13.0-28-lowlatency (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic-lpae (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-aws (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.13.0-1012-aws (Ubuntu package): before 5.13.0-1012.13

linux-image-generic (Ubuntu package): before 5.13.0.28.38

linux-image-virtual (Ubuntu package): before 5.13.0.28.38

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5265-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU81665

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-4001

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in kernel/bpf/syscall.c in Linux kernel ebpf. A local user can exploit the race between bpf_map_update_elem and bpf_map_freeze and modify the frozen mapped address space.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 21.10

linux-image-raspi (Ubuntu package): before 5.13.0.1016.21

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1029.31

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1028-azure (Ubuntu package): before 5.11.0-1028.31~20.04.2

linux-image-azure (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.11.0-1028-oracle (Ubuntu package): before 5.11.0-1028.31~20.04.1

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1029-gcp (Ubuntu package): before 5.11.0-1029.33~20.04.3

linux-image-5.13.0-1029-oem (Ubuntu package): before 5.13.0-1029.36

linux-image-lowlatency (Ubuntu package): before 5.13.0.28.38

linux-image-generic-64k (Ubuntu package): before 5.13.0.28.38

linux-image-generic-lpae (Ubuntu package): before 5.13.0.28.38

linux-image-kvm (Ubuntu package): before 5.13.0.1011.11

linux-image-5.13.0-1016-raspi-nolpae (Ubuntu package): before 5.13.0-1016.18

linux-image-oracle (Ubuntu package): before 5.11.0.1028.31~20.04.20

linux-image-gcp (Ubuntu package): before 5.11.0.1029.33~20.04.27

linux-image-5.13.0-1016-raspi (Ubuntu package): before 5.13.0-1016.18

linux-image-gke (Ubuntu package): before 5.13.0.1013.12

linux-image-5.13.0-1016-oracle (Ubuntu package): before 5.13.0-1016.20

linux-image-oem-20.04 (Ubuntu package): before 5.13.0.28.38

linux-image-5.13.0-28-generic-64k (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-1013-gcp (Ubuntu package): before 5.13.0-1013.16

linux-image-raspi-nolpae (Ubuntu package): before 5.13.0.1016.21

linux-image-5.13.0-1011-kvm (Ubuntu package): before 5.13.0-1011.12

linux-image-5.13.0-28-lowlatency (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic-lpae (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-aws (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.13.0-1012-aws (Ubuntu package): before 5.13.0-1012.13

linux-image-generic (Ubuntu package): before 5.13.0.28.38

linux-image-virtual (Ubuntu package): before 5.13.0.28.38

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5265-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU92750

Risk: Low

CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-4090

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to read and manipulate data.

An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 21.10

linux-image-raspi (Ubuntu package): before 5.13.0.1016.21

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1029.31

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1028-azure (Ubuntu package): before 5.11.0-1028.31~20.04.2

linux-image-azure (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.11.0-1028-oracle (Ubuntu package): before 5.11.0-1028.31~20.04.1

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1029-gcp (Ubuntu package): before 5.11.0-1029.33~20.04.3

linux-image-5.13.0-1029-oem (Ubuntu package): before 5.13.0-1029.36

linux-image-lowlatency (Ubuntu package): before 5.13.0.28.38

linux-image-generic-64k (Ubuntu package): before 5.13.0.28.38

linux-image-generic-lpae (Ubuntu package): before 5.13.0.28.38

linux-image-kvm (Ubuntu package): before 5.13.0.1011.11

linux-image-5.13.0-1016-raspi-nolpae (Ubuntu package): before 5.13.0-1016.18

linux-image-oracle (Ubuntu package): before 5.11.0.1028.31~20.04.20

linux-image-gcp (Ubuntu package): before 5.11.0.1029.33~20.04.27

linux-image-5.13.0-1016-raspi (Ubuntu package): before 5.13.0-1016.18

linux-image-gke (Ubuntu package): before 5.13.0.1013.12

linux-image-5.13.0-1016-oracle (Ubuntu package): before 5.13.0-1016.20

linux-image-oem-20.04 (Ubuntu package): before 5.13.0.28.38

linux-image-5.13.0-28-generic-64k (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-1013-gcp (Ubuntu package): before 5.13.0-1013.16

linux-image-raspi-nolpae (Ubuntu package): before 5.13.0.1016.21

linux-image-5.13.0-1011-kvm (Ubuntu package): before 5.13.0-1011.12

linux-image-5.13.0-28-lowlatency (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic-lpae (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-aws (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.13.0-1012-aws (Ubuntu package): before 5.13.0-1012.13

linux-image-generic (Ubuntu package): before 5.13.0.28.38

linux-image-virtual (Ubuntu package): before 5.13.0.28.38

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5265-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU95678

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-4093

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 21.10

linux-image-raspi (Ubuntu package): before 5.13.0.1016.21

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1029.31

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1028-azure (Ubuntu package): before 5.11.0-1028.31~20.04.2

linux-image-azure (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.11.0-1028-oracle (Ubuntu package): before 5.11.0-1028.31~20.04.1

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1029-gcp (Ubuntu package): before 5.11.0-1029.33~20.04.3

linux-image-5.13.0-1029-oem (Ubuntu package): before 5.13.0-1029.36

linux-image-lowlatency (Ubuntu package): before 5.13.0.28.38

linux-image-generic-64k (Ubuntu package): before 5.13.0.28.38

linux-image-generic-lpae (Ubuntu package): before 5.13.0.28.38

linux-image-kvm (Ubuntu package): before 5.13.0.1011.11

linux-image-5.13.0-1016-raspi-nolpae (Ubuntu package): before 5.13.0-1016.18

linux-image-oracle (Ubuntu package): before 5.11.0.1028.31~20.04.20

linux-image-gcp (Ubuntu package): before 5.11.0.1029.33~20.04.27

linux-image-5.13.0-1016-raspi (Ubuntu package): before 5.13.0-1016.18

linux-image-gke (Ubuntu package): before 5.13.0.1013.12

linux-image-5.13.0-1016-oracle (Ubuntu package): before 5.13.0-1016.20

linux-image-oem-20.04 (Ubuntu package): before 5.13.0.28.38

linux-image-5.13.0-28-generic-64k (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-1013-gcp (Ubuntu package): before 5.13.0-1013.16

linux-image-raspi-nolpae (Ubuntu package): before 5.13.0.1016.21

linux-image-5.13.0-1011-kvm (Ubuntu package): before 5.13.0-1011.12

linux-image-5.13.0-28-lowlatency (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic-lpae (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-aws (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.13.0-1012-aws (Ubuntu package): before 5.13.0-1012.13

linux-image-generic (Ubuntu package): before 5.13.0.28.38

linux-image-virtual (Ubuntu package): before 5.13.0.28.38

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5265-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU63764

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-4202

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the nci_request() function in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. A local user can cause a data race problem while the device is getting removed and escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 21.10

linux-image-raspi (Ubuntu package): before 5.13.0.1016.21

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1029.31

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1028-azure (Ubuntu package): before 5.11.0-1028.31~20.04.2

linux-image-azure (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.11.0-1028-oracle (Ubuntu package): before 5.11.0-1028.31~20.04.1

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1029-gcp (Ubuntu package): before 5.11.0-1029.33~20.04.3

linux-image-5.13.0-1029-oem (Ubuntu package): before 5.13.0-1029.36

linux-image-lowlatency (Ubuntu package): before 5.13.0.28.38

linux-image-generic-64k (Ubuntu package): before 5.13.0.28.38

linux-image-generic-lpae (Ubuntu package): before 5.13.0.28.38

linux-image-kvm (Ubuntu package): before 5.13.0.1011.11

linux-image-5.13.0-1016-raspi-nolpae (Ubuntu package): before 5.13.0-1016.18

linux-image-oracle (Ubuntu package): before 5.11.0.1028.31~20.04.20

linux-image-gcp (Ubuntu package): before 5.11.0.1029.33~20.04.27

linux-image-5.13.0-1016-raspi (Ubuntu package): before 5.13.0-1016.18

linux-image-gke (Ubuntu package): before 5.13.0.1013.12

linux-image-5.13.0-1016-oracle (Ubuntu package): before 5.13.0-1016.20

linux-image-oem-20.04 (Ubuntu package): before 5.13.0.28.38

linux-image-5.13.0-28-generic-64k (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-1013-gcp (Ubuntu package): before 5.13.0-1013.16

linux-image-raspi-nolpae (Ubuntu package): before 5.13.0.1016.21

linux-image-5.13.0-1011-kvm (Ubuntu package): before 5.13.0-1011.12

linux-image-5.13.0-28-lowlatency (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic-lpae (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-aws (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.13.0-1012-aws (Ubuntu package): before 5.13.0-1012.13

linux-image-generic (Ubuntu package): before 5.13.0.28.38

linux-image-virtual (Ubuntu package): before 5.13.0.28.38

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5265-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds write

EUVDB-ID: #VU92411

Risk: Low

CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2021-42327

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to out-of-bounds write error. A local privileged user can execute arbitrary code.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 21.10

linux-image-raspi (Ubuntu package): before 5.13.0.1016.21

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1029.31

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1028-azure (Ubuntu package): before 5.11.0-1028.31~20.04.2

linux-image-azure (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.11.0-1028-oracle (Ubuntu package): before 5.11.0-1028.31~20.04.1

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1029-gcp (Ubuntu package): before 5.11.0-1029.33~20.04.3

linux-image-5.13.0-1029-oem (Ubuntu package): before 5.13.0-1029.36

linux-image-lowlatency (Ubuntu package): before 5.13.0.28.38

linux-image-generic-64k (Ubuntu package): before 5.13.0.28.38

linux-image-generic-lpae (Ubuntu package): before 5.13.0.28.38

linux-image-kvm (Ubuntu package): before 5.13.0.1011.11

linux-image-5.13.0-1016-raspi-nolpae (Ubuntu package): before 5.13.0-1016.18

linux-image-oracle (Ubuntu package): before 5.11.0.1028.31~20.04.20

linux-image-gcp (Ubuntu package): before 5.11.0.1029.33~20.04.27

linux-image-5.13.0-1016-raspi (Ubuntu package): before 5.13.0-1016.18

linux-image-gke (Ubuntu package): before 5.13.0.1013.12

linux-image-5.13.0-1016-oracle (Ubuntu package): before 5.13.0-1016.20

linux-image-oem-20.04 (Ubuntu package): before 5.13.0.28.38

linux-image-5.13.0-28-generic-64k (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-1013-gcp (Ubuntu package): before 5.13.0-1013.16

linux-image-raspi-nolpae (Ubuntu package): before 5.13.0.1016.21

linux-image-5.13.0-1011-kvm (Ubuntu package): before 5.13.0-1011.12

linux-image-5.13.0-28-lowlatency (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic-lpae (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-aws (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.13.0-1012-aws (Ubuntu package): before 5.13.0-1012.13

linux-image-generic (Ubuntu package): before 5.13.0.28.38

linux-image-virtual (Ubuntu package): before 5.13.0.28.38

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5265-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Buffer overflow

EUVDB-ID: #VU59474

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-42739

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary within the firewire subsystem in the Linux kernel in drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c files. A local privileged user can run a specially crafted program tat calls avc_ca_pmt() function to trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 21.10

linux-image-raspi (Ubuntu package): before 5.13.0.1016.21

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1029.31

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1028-azure (Ubuntu package): before 5.11.0-1028.31~20.04.2

linux-image-azure (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.11.0-1028-oracle (Ubuntu package): before 5.11.0-1028.31~20.04.1

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.13.0.28.31~20.04.15

linux-image-5.11.0-1029-gcp (Ubuntu package): before 5.11.0-1029.33~20.04.3

linux-image-5.13.0-1029-oem (Ubuntu package): before 5.13.0-1029.36

linux-image-lowlatency (Ubuntu package): before 5.13.0.28.38

linux-image-generic-64k (Ubuntu package): before 5.13.0.28.38

linux-image-generic-lpae (Ubuntu package): before 5.13.0.28.38

linux-image-kvm (Ubuntu package): before 5.13.0.1011.11

linux-image-5.13.0-1016-raspi-nolpae (Ubuntu package): before 5.13.0-1016.18

linux-image-oracle (Ubuntu package): before 5.11.0.1028.31~20.04.20

linux-image-gcp (Ubuntu package): before 5.11.0.1029.33~20.04.27

linux-image-5.13.0-1016-raspi (Ubuntu package): before 5.13.0-1016.18

linux-image-gke (Ubuntu package): before 5.13.0.1013.12

linux-image-5.13.0-1016-oracle (Ubuntu package): before 5.13.0-1016.20

linux-image-oem-20.04 (Ubuntu package): before 5.13.0.28.38

linux-image-5.13.0-28-generic-64k (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-1013-gcp (Ubuntu package): before 5.13.0-1013.16

linux-image-raspi-nolpae (Ubuntu package): before 5.13.0.1016.21

linux-image-5.13.0-1011-kvm (Ubuntu package): before 5.13.0-1011.12

linux-image-5.13.0-28-lowlatency (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-5.13.0-28-generic-lpae (Ubuntu package): before 5.13.0-28.31~20.04.1

linux-image-aws (Ubuntu package): before 5.11.0.1028.31~20.04.26

linux-image-5.13.0-1012-aws (Ubuntu package): before 5.13.0-1012.13

linux-image-generic (Ubuntu package): before 5.13.0.28.38

linux-image-virtual (Ubuntu package): before 5.13.0.28.38

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5265-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###