Ubuntu update for linux
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2019-0148 CVE-2020-25656 CVE-2020-25668 CVE-2020-27675 CVE-2020-28974 CVE-2020-4788 |
| CWE-ID | CWE-400 CWE-416 CWE-476 CWE-125 CWE-200 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-virtual-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-powerpc64-smp-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-powerpc64-emb-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-powerpc-smp-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-powerpc-e500mc-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-1083-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-198-powerpc64-smp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-198-powerpc64-emb (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-198-powerpc-smp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-198-powerpc-e500mc (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-198-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-198-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-198-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-snapdragon (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-raspi2 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-powerpc64-smp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-powerpc64-emb (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-powerpc-smp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-powerpc-e500mc (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-1147-snapdragon (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-1143-raspi2 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-1119-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-1085-kvm (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU22954
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0148
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource leak in i40e driver. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-virtual-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc64-smp-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc64-emb-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc-smp-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc-e500mc-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-lowlatency-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-generic-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-generic-lpae-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-4.4.0-1083-aws (Ubuntu package): before 4.4.0-1083.87
linux-image-aws (Ubuntu package): before 4.4.0.1083.80
linux-image-4.4.0-198-powerpc64-smp (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc64-emb (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-smp (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-e500mc (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-lowlatency (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic-lpae (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-virtual (Ubuntu package): before 4.4.0.198.204
linux-image-snapdragon (Ubuntu package): before 4.4.0.1147.139
linux-image-raspi2 (Ubuntu package): before 4.4.0.1143.143
linux-image-powerpc64-smp (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc64-emb (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc-smp (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc-e500mc (Ubuntu package): before 4.4.0.198.204
linux-image-lowlatency (Ubuntu package): before 4.4.0.198.204
linux-image-kvm (Ubuntu package): before 4.4.0.1085.83
linux-image-generic-lpae (Ubuntu package): before 4.4.0.198.204
linux-image-generic (Ubuntu package): before 4.4.0.198.204
linux-image-4.4.0-1147-snapdragon (Ubuntu package): before 4.4.0-1147.157
linux-image-4.4.0-1143-raspi2 (Ubuntu package): before 4.4.0-1143.153
linux-image-4.4.0-1119-aws (Ubuntu package): before 4.4.0-1119.133
linux-image-4.4.0-1085-kvm (Ubuntu package): before 4.4.0-1085.94
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-emb-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-e500mc-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1083-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1147-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1143-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1119-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1085-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4681-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU51547
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-25656
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in the way the console subsystem uses KDGKBSENT and KDSKBSENT IOCTLs. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-virtual-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc64-smp-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc64-emb-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc-smp-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc-e500mc-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-lowlatency-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-generic-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-generic-lpae-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-4.4.0-1083-aws (Ubuntu package): before 4.4.0-1083.87
linux-image-aws (Ubuntu package): before 4.4.0.1083.80
linux-image-4.4.0-198-powerpc64-smp (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc64-emb (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-smp (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-e500mc (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-lowlatency (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic-lpae (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-virtual (Ubuntu package): before 4.4.0.198.204
linux-image-snapdragon (Ubuntu package): before 4.4.0.1147.139
linux-image-raspi2 (Ubuntu package): before 4.4.0.1143.143
linux-image-powerpc64-smp (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc64-emb (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc-smp (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc-e500mc (Ubuntu package): before 4.4.0.198.204
linux-image-lowlatency (Ubuntu package): before 4.4.0.198.204
linux-image-kvm (Ubuntu package): before 4.4.0.1085.83
linux-image-generic-lpae (Ubuntu package): before 4.4.0.198.204
linux-image-generic (Ubuntu package): before 4.4.0.198.204
linux-image-4.4.0-1147-snapdragon (Ubuntu package): before 4.4.0-1147.157
linux-image-4.4.0-1143-raspi2 (Ubuntu package): before 4.4.0-1143.153
linux-image-4.4.0-1119-aws (Ubuntu package): before 4.4.0-1119.133
linux-image-4.4.0-1085-kvm (Ubuntu package): before 4.4.0-1085.94
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-emb-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-e500mc-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1083-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1147-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1143-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1119-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1085-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4681-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU83431
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-25668
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the con_font_op. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-virtual-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc64-smp-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc64-emb-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc-smp-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc-e500mc-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-lowlatency-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-generic-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-generic-lpae-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-4.4.0-1083-aws (Ubuntu package): before 4.4.0-1083.87
linux-image-aws (Ubuntu package): before 4.4.0.1083.80
linux-image-4.4.0-198-powerpc64-smp (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc64-emb (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-smp (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-e500mc (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-lowlatency (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic-lpae (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-virtual (Ubuntu package): before 4.4.0.198.204
linux-image-snapdragon (Ubuntu package): before 4.4.0.1147.139
linux-image-raspi2 (Ubuntu package): before 4.4.0.1143.143
linux-image-powerpc64-smp (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc64-emb (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc-smp (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc-e500mc (Ubuntu package): before 4.4.0.198.204
linux-image-lowlatency (Ubuntu package): before 4.4.0.198.204
linux-image-kvm (Ubuntu package): before 4.4.0.1085.83
linux-image-generic-lpae (Ubuntu package): before 4.4.0.198.204
linux-image-generic (Ubuntu package): before 4.4.0.198.204
linux-image-4.4.0-1147-snapdragon (Ubuntu package): before 4.4.0-1147.157
linux-image-4.4.0-1143-raspi2 (Ubuntu package): before 4.4.0-1143.153
linux-image-4.4.0-1119-aws (Ubuntu package): before 4.4.0-1119.133
linux-image-4.4.0-1085-kvm (Ubuntu package): before 4.4.0-1085.94
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-emb-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-e500mc-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1083-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1147-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1143-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1119-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1085-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4681-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU83584
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-27675
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/xen/events/events_base.c. A malicious guest can trigger a dom0 crash by sending events for a paravirtualized device while simultaneously performing its reconfiguration.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-virtual-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc64-smp-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc64-emb-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc-smp-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc-e500mc-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-lowlatency-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-generic-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-generic-lpae-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-4.4.0-1083-aws (Ubuntu package): before 4.4.0-1083.87
linux-image-aws (Ubuntu package): before 4.4.0.1083.80
linux-image-4.4.0-198-powerpc64-smp (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc64-emb (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-smp (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-e500mc (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-lowlatency (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic-lpae (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-virtual (Ubuntu package): before 4.4.0.198.204
linux-image-snapdragon (Ubuntu package): before 4.4.0.1147.139
linux-image-raspi2 (Ubuntu package): before 4.4.0.1143.143
linux-image-powerpc64-smp (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc64-emb (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc-smp (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc-e500mc (Ubuntu package): before 4.4.0.198.204
linux-image-lowlatency (Ubuntu package): before 4.4.0.198.204
linux-image-kvm (Ubuntu package): before 4.4.0.1085.83
linux-image-generic-lpae (Ubuntu package): before 4.4.0.198.204
linux-image-generic (Ubuntu package): before 4.4.0.198.204
linux-image-4.4.0-1147-snapdragon (Ubuntu package): before 4.4.0-1147.157
linux-image-4.4.0-1143-raspi2 (Ubuntu package): before 4.4.0-1143.153
linux-image-4.4.0-1119-aws (Ubuntu package): before 4.4.0-1119.133
linux-image-4.4.0-1085-kvm (Ubuntu package): before 4.4.0-1085.94
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-emb-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-e500mc-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1083-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1147-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1143-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1119-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1085-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4681-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU90369
Risk: Medium
CVSSv4.0: 1.8 [CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-28974
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to read and manipulate data.
The vulnerability exists due to an out-of-bounds read error within the con_font_default() and con_font_op() functions in drivers/tty/vt/vt.c. A local privileged user can read and manipulate data.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-virtual-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc64-smp-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc64-emb-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc-smp-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc-e500mc-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-lowlatency-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-generic-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-generic-lpae-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-4.4.0-1083-aws (Ubuntu package): before 4.4.0-1083.87
linux-image-aws (Ubuntu package): before 4.4.0.1083.80
linux-image-4.4.0-198-powerpc64-smp (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc64-emb (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-smp (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-e500mc (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-lowlatency (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic-lpae (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-virtual (Ubuntu package): before 4.4.0.198.204
linux-image-snapdragon (Ubuntu package): before 4.4.0.1147.139
linux-image-raspi2 (Ubuntu package): before 4.4.0.1143.143
linux-image-powerpc64-smp (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc64-emb (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc-smp (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc-e500mc (Ubuntu package): before 4.4.0.198.204
linux-image-lowlatency (Ubuntu package): before 4.4.0.198.204
linux-image-kvm (Ubuntu package): before 4.4.0.1085.83
linux-image-generic-lpae (Ubuntu package): before 4.4.0.198.204
linux-image-generic (Ubuntu package): before 4.4.0.198.204
linux-image-4.4.0-1147-snapdragon (Ubuntu package): before 4.4.0-1147.157
linux-image-4.4.0-1143-raspi2 (Ubuntu package): before 4.4.0-1143.153
linux-image-4.4.0-1119-aws (Ubuntu package): before 4.4.0-1119.133
linux-image-4.4.0-1085-kvm (Ubuntu package): before 4.4.0-1085.94
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-emb-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-e500mc-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1083-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1147-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1143-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1119-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1085-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4681-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU48577
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-4788
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in IBM Power9 processors due to unspecified error. A local user can obtain sensitive information from the data in the L1 cache under extenuating circumstances.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-virtual-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc64-smp-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc64-emb-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc-smp-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-powerpc-e500mc-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-lowlatency-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-generic-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-generic-lpae-lts-xenial (Ubuntu package): before 4.4.0.198.173
linux-image-4.4.0-1083-aws (Ubuntu package): before 4.4.0-1083.87
linux-image-aws (Ubuntu package): before 4.4.0.1083.80
linux-image-4.4.0-198-powerpc64-smp (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc64-emb (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-smp (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-e500mc (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-lowlatency (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic-lpae (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic (Ubuntu package): before 4.4.0-198.230~14.04.1
linux-image-virtual (Ubuntu package): before 4.4.0.198.204
linux-image-snapdragon (Ubuntu package): before 4.4.0.1147.139
linux-image-raspi2 (Ubuntu package): before 4.4.0.1143.143
linux-image-powerpc64-smp (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc64-emb (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc-smp (Ubuntu package): before 4.4.0.198.204
linux-image-powerpc-e500mc (Ubuntu package): before 4.4.0.198.204
linux-image-lowlatency (Ubuntu package): before 4.4.0.198.204
linux-image-kvm (Ubuntu package): before 4.4.0.1085.83
linux-image-generic-lpae (Ubuntu package): before 4.4.0.198.204
linux-image-generic (Ubuntu package): before 4.4.0.198.204
linux-image-4.4.0-1147-snapdragon (Ubuntu package): before 4.4.0-1147.157
linux-image-4.4.0-1143-raspi2 (Ubuntu package): before 4.4.0-1143.153
linux-image-4.4.0-1119-aws (Ubuntu package): before 4.4.0-1119.133
linux-image-4.4.0-1085-kvm (Ubuntu package): before 4.4.0-1085.94
CPE2.3- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-emb-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-smp-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-e500mc-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1083-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-198-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc64-emb_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-smp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-powerpc-e500mc_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1147-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1143-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1119-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.4.0-1085-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4681-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
