Ubuntu update for linux-bluefield



Published: 2022-04-13 | Updated: 2023-12-06
Risk: High
Patch available: YES
Number of vulnerabilities: 15
CVE-ID: CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-4135, CVE-2021-43976, CVE-2021-44733, CVE-2021-45095, CVE-2021-45469, CVE-2021-45480, CVE-2022-0435, CVE-2022-0492, CVE-2022-1055, CVE-2022-27666
CWE-ID: CWE-400, CWE-404, CWE-200, CWE-20, CWE-416, CWE-125, CWE-401, CWE-121, CWE-264, CWE-122
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #13 is available. Public exploit code for vulnerability #15 is available.
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

linux-image-5.4.0-1032-bluefield (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-bluefield (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU63563

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-28711

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper limits on the number of events that driver domains can send to other guest VMs. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU63564

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-28712

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper limits on the number of events that driver domains can send to other guest VMs. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU63565

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-28713

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper limits on the number of events that driver domains can send to other guest VMs. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Resource Shutdown or Release

EUVDB-ID: #VU63583

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-28714

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists because incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. A remote user can use a UDP connection on a fast interface to trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Resource Shutdown or Release

EUVDB-ID: #VU63584

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-28715

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists because incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. A remote user can use a UDP connection on a fast interface to trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU63566

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4135

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists because the simulated networking device driver for the Linux kernel does not properly initialize memory in certain situations. A local user can gain unauthorized access to sensitive information (kernel memory).

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU61215

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43976

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c in the Linux kernel. An attacker with physical access to the system can insert a specially crafted USB device and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU59100

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-44733

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to a use-after-free error in the drivers/tee/tee_shm.c file within the TEE subsystem in the Linux kernel. A local user can trigger a race condition in tee_shm_get_from_id during an attempt to free a shared memory object and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

9) Information disclosure

EUVDB-ID: #VU61579

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45095

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a refcount leak within the pep_sock_accept() function in net/phonet/pep.c in the Linux kernel. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU63578

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45469

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a boundary condition in the __f2fs_setxattr() function in fs/f2fs/xattr.c in the Linux kernel when an inode has an invalid last xattr entry. A local user can create a specially crafted f2fs image, trigger an out-of-bounds read error, and perform a denial of service attack or possibly execute arbitrary code.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU63568

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45480

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the __rds_conn_create() function in net/rds/connection.c. A local user can perform a denial of service attack.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Stack-based buffer overflow

EUVDB-ID: #VU61216

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0435

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Linux kernel networking module for the Transparent Inter-Process Communication (TIPC) protocol. A remote unauthenticated attacker can send specially crafted traffic to the system, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system but requires that the TIPC bearer is set up.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU61245

Risk: Low

CVSSv3.1: 7.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2022-0492

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a logic error within the cgroup_release_agent_write() function in kernel/cgroup/cgroup-v1.c. A local user can use the cgroups v1 release_agent feature to escalate privileges and bypass namespace isolation.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

14) Use-after-free

EUVDB-ID: #VU61765

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1055

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tc_new_tfilter() function in the Linux kernel. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Heap-based buffer overflow

EUVDB-ID: #VU61672

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-27666

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c in the Linux kernel. A local unprivileged user can pass specially crafted data to the system, trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.4.0-1032-bluefield (Ubuntu package): before 5.4.0-1032.35

linux-image-bluefield (Ubuntu package): before 5.4.0.1032.33

External links

http://ubuntu.com/security/notices/USN-5377-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


