Ubuntu update for linux



Published: 2022-03-23 | Updated: 2023-12-06
Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2021-3506
CVE-2021-43976
CVE-2021-44733
CVE-2021-45095
CVE-2022-0435
CVE-2022-0492
CWE-ID CWE-125
CWE-20
CWE-416
CWE-200
CWE-121
CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #6 is available.
Vulnerable software
Subscribe 		Ubuntu
Operating systems & Components / Operating system

linux-image-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-virtual-hwe-16.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-virtual (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-snapdragon (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oracle-lts-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-lowlatency-hwe-16.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-hwe-16.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gcp-lts-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-dell300x (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure-lts-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-aws-lts-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-4.15.0-173-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-4.15.0-173-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-4.15.0-173-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-4.15.0-1134-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-4.15.0-1124-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-4.15.0-1123-snapdragon (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-4.15.0-1119-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-4.15.0-1110-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-4.15.0-1090-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-4.15.0-1038-dell300x (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gke (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-aws-hwe (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU53007

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3506

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in fs/f2fs/node.c in the f2fs module in the Linux kernel. A local user can trigger out-of-bounds read error and read internal kernel information or crash the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-gcp (Ubuntu package): before 5.4.0.1068.53

linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-virtual (Ubuntu package): before 4.15.0.173.162

linux-image-snapdragon (Ubuntu package): before 4.15.0.1123.126

linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1090.100

linux-image-oracle (Ubuntu package): before 5.4.0.1067.72~18.04.46

linux-image-oem (Ubuntu package): before 5.4.0.105.119~18.04.90

linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-lowlatency (Ubuntu package): before 4.15.0.173.162

linux-image-kvm (Ubuntu package): before 4.15.0.1110.106

linux-image-generic-lpae (Ubuntu package): before 4.15.0.173.162

linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-generic (Ubuntu package): before 4.15.0.173.162

linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1119.138

linux-image-dell300x (Ubuntu package): before 4.15.0.1038.40

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1134.107

linux-image-azure (Ubuntu package): before 5.4.0.1073.52

linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1124.127

linux-image-4.15.0-173-lowlatency (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-173-generic-lpae (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-173-generic (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-1134-azure (Ubuntu package): before 4.15.0-1134.147

linux-image-4.15.0-1124-aws (Ubuntu package): before 4.15.0-1124.133

linux-image-4.15.0-1123-snapdragon (Ubuntu package): before 4.15.0-1123.132

linux-image-4.15.0-1119-gcp (Ubuntu package): before 4.15.0-1119.133

linux-image-4.15.0-1110-kvm (Ubuntu package): before 4.15.0-1110.113

linux-image-4.15.0-1090-oracle (Ubuntu package): before 4.15.0-1090.99

linux-image-4.15.0-1038-dell300x (Ubuntu package): before 4.15.0-1038.43

linux-image-gke (Ubuntu package): before 5.8.0.1015.15

linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92

External links

http://ubuntu.com/security/notices/USN-5339-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU61215

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43976

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c in Linux kernel. An attacker with physical access to the system can insert a specially crafted USB device and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-gcp (Ubuntu package): before 5.4.0.1068.53

linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-virtual (Ubuntu package): before 4.15.0.173.162

linux-image-snapdragon (Ubuntu package): before 4.15.0.1123.126

linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1090.100

linux-image-oracle (Ubuntu package): before 5.4.0.1067.72~18.04.46

linux-image-oem (Ubuntu package): before 5.4.0.105.119~18.04.90

linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-lowlatency (Ubuntu package): before 4.15.0.173.162

linux-image-kvm (Ubuntu package): before 4.15.0.1110.106

linux-image-generic-lpae (Ubuntu package): before 4.15.0.173.162

linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-generic (Ubuntu package): before 4.15.0.173.162

linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1119.138

linux-image-dell300x (Ubuntu package): before 4.15.0.1038.40

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1134.107

linux-image-azure (Ubuntu package): before 5.4.0.1073.52

linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1124.127

linux-image-4.15.0-173-lowlatency (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-173-generic-lpae (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-173-generic (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-1134-azure (Ubuntu package): before 4.15.0-1134.147

linux-image-4.15.0-1124-aws (Ubuntu package): before 4.15.0-1124.133

linux-image-4.15.0-1123-snapdragon (Ubuntu package): before 4.15.0-1123.132

linux-image-4.15.0-1119-gcp (Ubuntu package): before 4.15.0-1119.133

linux-image-4.15.0-1110-kvm (Ubuntu package): before 4.15.0-1110.113

linux-image-4.15.0-1090-oracle (Ubuntu package): before 4.15.0-1090.99

linux-image-4.15.0-1038-dell300x (Ubuntu package): before 4.15.0-1038.43

linux-image-gke (Ubuntu package): before 5.8.0.1015.15

linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92

External links

http://ubuntu.com/security/notices/USN-5339-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU59100

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-44733

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to a use-after-free error in the drivers/tee/tee_shm.c file within the TEE subsystem in the Linux kernel. A local user can trigger a race condition in tee_shm_get_from_id during an attempt to free a shared memory object and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-gcp (Ubuntu package): before 5.4.0.1068.53

linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-virtual (Ubuntu package): before 4.15.0.173.162

linux-image-snapdragon (Ubuntu package): before 4.15.0.1123.126

linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1090.100

linux-image-oracle (Ubuntu package): before 5.4.0.1067.72~18.04.46

linux-image-oem (Ubuntu package): before 5.4.0.105.119~18.04.90

linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-lowlatency (Ubuntu package): before 4.15.0.173.162

linux-image-kvm (Ubuntu package): before 4.15.0.1110.106

linux-image-generic-lpae (Ubuntu package): before 4.15.0.173.162

linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-generic (Ubuntu package): before 4.15.0.173.162

linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1119.138

linux-image-dell300x (Ubuntu package): before 4.15.0.1038.40

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1134.107

linux-image-azure (Ubuntu package): before 5.4.0.1073.52

linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1124.127

linux-image-4.15.0-173-lowlatency (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-173-generic-lpae (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-173-generic (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-1134-azure (Ubuntu package): before 4.15.0-1134.147

linux-image-4.15.0-1124-aws (Ubuntu package): before 4.15.0-1124.133

linux-image-4.15.0-1123-snapdragon (Ubuntu package): before 4.15.0-1123.132

linux-image-4.15.0-1119-gcp (Ubuntu package): before 4.15.0-1119.133

linux-image-4.15.0-1110-kvm (Ubuntu package): before 4.15.0-1110.113

linux-image-4.15.0-1090-oracle (Ubuntu package): before 4.15.0-1090.99

linux-image-4.15.0-1038-dell300x (Ubuntu package): before 4.15.0-1038.43

linux-image-gke (Ubuntu package): before 5.8.0.1015.15

linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92

External links

http://ubuntu.com/security/notices/USN-5339-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Information disclosure

EUVDB-ID: #VU61579

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45095

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a refcount leak within the pep_sock_accept() function in net/phonet/pep.c in the Linux kernel. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-gcp (Ubuntu package): before 5.4.0.1068.53

linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-virtual (Ubuntu package): before 4.15.0.173.162

linux-image-snapdragon (Ubuntu package): before 4.15.0.1123.126

linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1090.100

linux-image-oracle (Ubuntu package): before 5.4.0.1067.72~18.04.46

linux-image-oem (Ubuntu package): before 5.4.0.105.119~18.04.90

linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-lowlatency (Ubuntu package): before 4.15.0.173.162

linux-image-kvm (Ubuntu package): before 4.15.0.1110.106

linux-image-generic-lpae (Ubuntu package): before 4.15.0.173.162

linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-generic (Ubuntu package): before 4.15.0.173.162

linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1119.138

linux-image-dell300x (Ubuntu package): before 4.15.0.1038.40

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1134.107

linux-image-azure (Ubuntu package): before 5.4.0.1073.52

linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1124.127

linux-image-4.15.0-173-lowlatency (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-173-generic-lpae (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-173-generic (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-1134-azure (Ubuntu package): before 4.15.0-1134.147

linux-image-4.15.0-1124-aws (Ubuntu package): before 4.15.0-1124.133

linux-image-4.15.0-1123-snapdragon (Ubuntu package): before 4.15.0-1123.132

linux-image-4.15.0-1119-gcp (Ubuntu package): before 4.15.0-1119.133

linux-image-4.15.0-1110-kvm (Ubuntu package): before 4.15.0-1110.113

linux-image-4.15.0-1090-oracle (Ubuntu package): before 4.15.0-1090.99

linux-image-4.15.0-1038-dell300x (Ubuntu package): before 4.15.0-1038.43

linux-image-gke (Ubuntu package): before 5.8.0.1015.15

linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92

External links

http://ubuntu.com/security/notices/USN-5339-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stack-based buffer overflow

EUVDB-ID: #VU61216

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0435

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Linux kernel networking module for the Transparent Inter-Process Communication (TIPC) protocol. A remote unauthenticated attacker can send specially crafted traffic to the system, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that the TIPC bearer is set up.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-gcp (Ubuntu package): before 5.4.0.1068.53

linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-virtual (Ubuntu package): before 4.15.0.173.162

linux-image-snapdragon (Ubuntu package): before 4.15.0.1123.126

linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1090.100

linux-image-oracle (Ubuntu package): before 5.4.0.1067.72~18.04.46

linux-image-oem (Ubuntu package): before 5.4.0.105.119~18.04.90

linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-lowlatency (Ubuntu package): before 4.15.0.173.162

linux-image-kvm (Ubuntu package): before 4.15.0.1110.106

linux-image-generic-lpae (Ubuntu package): before 4.15.0.173.162

linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-generic (Ubuntu package): before 4.15.0.173.162

linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1119.138

linux-image-dell300x (Ubuntu package): before 4.15.0.1038.40

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1134.107

linux-image-azure (Ubuntu package): before 5.4.0.1073.52

linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1124.127

linux-image-4.15.0-173-lowlatency (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-173-generic-lpae (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-173-generic (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-1134-azure (Ubuntu package): before 4.15.0-1134.147

linux-image-4.15.0-1124-aws (Ubuntu package): before 4.15.0-1124.133

linux-image-4.15.0-1123-snapdragon (Ubuntu package): before 4.15.0-1123.132

linux-image-4.15.0-1119-gcp (Ubuntu package): before 4.15.0-1119.133

linux-image-4.15.0-1110-kvm (Ubuntu package): before 4.15.0-1110.113

linux-image-4.15.0-1090-oracle (Ubuntu package): before 4.15.0-1090.99

linux-image-4.15.0-1038-dell300x (Ubuntu package): before 4.15.0-1038.43

linux-image-gke (Ubuntu package): before 5.8.0.1015.15

linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92

External links

http://ubuntu.com/security/notices/USN-5339-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU61245

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-0492

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a logic error within the cgroup_release_agent_write() function in  kernel/cgroup/cgroup-v1.c. A local user can use the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-gcp (Ubuntu package): before 5.4.0.1068.53

linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-virtual (Ubuntu package): before 4.15.0.173.162

linux-image-snapdragon (Ubuntu package): before 4.15.0.1123.126

linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1090.100

linux-image-oracle (Ubuntu package): before 5.4.0.1067.72~18.04.46

linux-image-oem (Ubuntu package): before 5.4.0.105.119~18.04.90

linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-lowlatency (Ubuntu package): before 4.15.0.173.162

linux-image-kvm (Ubuntu package): before 4.15.0.1110.106

linux-image-generic-lpae (Ubuntu package): before 4.15.0.173.162

linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.173.162

linux-image-generic (Ubuntu package): before 4.15.0.173.162

linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1119.138

linux-image-dell300x (Ubuntu package): before 4.15.0.1038.40

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1134.107

linux-image-azure (Ubuntu package): before 5.4.0.1073.52

linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1124.127

linux-image-4.15.0-173-lowlatency (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-173-generic-lpae (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-173-generic (Ubuntu package): before 4.15.0-173.182

linux-image-4.15.0-1134-azure (Ubuntu package): before 4.15.0-1134.147

linux-image-4.15.0-1124-aws (Ubuntu package): before 4.15.0-1124.133

linux-image-4.15.0-1123-snapdragon (Ubuntu package): before 4.15.0-1123.132

linux-image-4.15.0-1119-gcp (Ubuntu package): before 4.15.0-1119.133

linux-image-4.15.0-1110-kvm (Ubuntu package): before 4.15.0-1110.113

linux-image-4.15.0-1090-oracle (Ubuntu package): before 4.15.0-1090.99

linux-image-4.15.0-1038-dell300x (Ubuntu package): before 4.15.0-1038.43

linux-image-gke (Ubuntu package): before 5.8.0.1015.15

linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92

External links

http://ubuntu.com/security/notices/USN-5339-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###