Ubuntu update for linux



Risk Medium
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2020-25656
CVE-2020-25668
CVE-2020-25704
CVE-2020-27675
CVE-2020-27777
CVE-2020-28974
CWE-ID CWE-416
CWE-401
CWE-476
CWE-862
CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

linux-image-virtual (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-raspi2 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-raspi (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-osp1 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-59-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-59-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-59-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1035-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1034-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1034-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1033-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1031-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1026-raspi (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-raspi-hwe-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-virtual-hwe-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-snapdragon-hwe-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-lowlatency-hwe-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gke-5.4 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae-hwe-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-hwe-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.4.0-1033-gke (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU51547

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25656

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in the way the console subsystem uses KDGKBSENT and KDSKBSENT IOCTLs. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information.


Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual (Ubuntu package): before 5.4.0.59.62

linux-image-raspi2 (Ubuntu package): before 5.4.0.1026.61

linux-image-raspi (Ubuntu package): before 5.4.0.1026.61

linux-image-oracle (Ubuntu package): before 5.4.0.1034.31

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.59.62

linux-image-oem (Ubuntu package): before 5.4.0.59.62

linux-image-lowlatency (Ubuntu package): before 5.4.0.59.62

linux-image-kvm (Ubuntu package): before 5.4.0.1031.29

linux-image-generic-lpae (Ubuntu package): before 5.4.0.59.62

linux-image-generic (Ubuntu package): before 5.4.0.59.62

linux-image-gcp (Ubuntu package): before 5.4.0.1033.21

linux-image-azure (Ubuntu package): before 5.4.0.1035.17

linux-image-aws (Ubuntu package): before 5.4.0.1034.19

linux-image-5.4.0-59-lowlatency (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-59-generic-lpae (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-59-generic (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-1035-azure (Ubuntu package): before 5.4.0-1035.36~18.04.1

linux-image-5.4.0-1034-oracle (Ubuntu package): before 5.4.0-1034.36~18.04.1

linux-image-5.4.0-1034-aws (Ubuntu package): before 5.4.0-1034.35~18.04.1

linux-image-5.4.0-1033-gcp (Ubuntu package): before 5.4.0-1033.35~18.04.1

linux-image-5.4.0-1031-kvm (Ubuntu package): before 5.4.0-1031.32

linux-image-5.4.0-1026-raspi (Ubuntu package): before 5.4.0-1026.29~18.04.1

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1026.30

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1033.35~18.04.2

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-5.4.0-1033-gke (Ubuntu package): before 5.4.0-1033.35~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4679-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU83431

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25668

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the con_font_op. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual (Ubuntu package): before 5.4.0.59.62

linux-image-raspi2 (Ubuntu package): before 5.4.0.1026.61

linux-image-raspi (Ubuntu package): before 5.4.0.1026.61

linux-image-oracle (Ubuntu package): before 5.4.0.1034.31

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.59.62

linux-image-oem (Ubuntu package): before 5.4.0.59.62

linux-image-lowlatency (Ubuntu package): before 5.4.0.59.62

linux-image-kvm (Ubuntu package): before 5.4.0.1031.29

linux-image-generic-lpae (Ubuntu package): before 5.4.0.59.62

linux-image-generic (Ubuntu package): before 5.4.0.59.62

linux-image-gcp (Ubuntu package): before 5.4.0.1033.21

linux-image-azure (Ubuntu package): before 5.4.0.1035.17

linux-image-aws (Ubuntu package): before 5.4.0.1034.19

linux-image-5.4.0-59-lowlatency (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-59-generic-lpae (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-59-generic (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-1035-azure (Ubuntu package): before 5.4.0-1035.36~18.04.1

linux-image-5.4.0-1034-oracle (Ubuntu package): before 5.4.0-1034.36~18.04.1

linux-image-5.4.0-1034-aws (Ubuntu package): before 5.4.0-1034.35~18.04.1

linux-image-5.4.0-1033-gcp (Ubuntu package): before 5.4.0-1033.35~18.04.1

linux-image-5.4.0-1031-kvm (Ubuntu package): before 5.4.0-1031.32

linux-image-5.4.0-1026-raspi (Ubuntu package): before 5.4.0-1026.29~18.04.1

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1026.30

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1033.35~18.04.2

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-5.4.0-1033-gke (Ubuntu package): before 5.4.0-1033.35~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4679-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU55258

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25704

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual (Ubuntu package): before 5.4.0.59.62

linux-image-raspi2 (Ubuntu package): before 5.4.0.1026.61

linux-image-raspi (Ubuntu package): before 5.4.0.1026.61

linux-image-oracle (Ubuntu package): before 5.4.0.1034.31

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.59.62

linux-image-oem (Ubuntu package): before 5.4.0.59.62

linux-image-lowlatency (Ubuntu package): before 5.4.0.59.62

linux-image-kvm (Ubuntu package): before 5.4.0.1031.29

linux-image-generic-lpae (Ubuntu package): before 5.4.0.59.62

linux-image-generic (Ubuntu package): before 5.4.0.59.62

linux-image-gcp (Ubuntu package): before 5.4.0.1033.21

linux-image-azure (Ubuntu package): before 5.4.0.1035.17

linux-image-aws (Ubuntu package): before 5.4.0.1034.19

linux-image-5.4.0-59-lowlatency (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-59-generic-lpae (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-59-generic (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-1035-azure (Ubuntu package): before 5.4.0-1035.36~18.04.1

linux-image-5.4.0-1034-oracle (Ubuntu package): before 5.4.0-1034.36~18.04.1

linux-image-5.4.0-1034-aws (Ubuntu package): before 5.4.0-1034.35~18.04.1

linux-image-5.4.0-1033-gcp (Ubuntu package): before 5.4.0-1033.35~18.04.1

linux-image-5.4.0-1031-kvm (Ubuntu package): before 5.4.0-1031.32

linux-image-5.4.0-1026-raspi (Ubuntu package): before 5.4.0-1026.29~18.04.1

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1026.30

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1033.35~18.04.2

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-5.4.0-1033-gke (Ubuntu package): before 5.4.0-1033.35~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4679-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU83584

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27675

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/xen/events/events_base.c. A malicious guest can trigger a dom0 crash by sending events for a paravirtualized device while simultaneously performing its reconfiguration.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual (Ubuntu package): before 5.4.0.59.62

linux-image-raspi2 (Ubuntu package): before 5.4.0.1026.61

linux-image-raspi (Ubuntu package): before 5.4.0.1026.61

linux-image-oracle (Ubuntu package): before 5.4.0.1034.31

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.59.62

linux-image-oem (Ubuntu package): before 5.4.0.59.62

linux-image-lowlatency (Ubuntu package): before 5.4.0.59.62

linux-image-kvm (Ubuntu package): before 5.4.0.1031.29

linux-image-generic-lpae (Ubuntu package): before 5.4.0.59.62

linux-image-generic (Ubuntu package): before 5.4.0.59.62

linux-image-gcp (Ubuntu package): before 5.4.0.1033.21

linux-image-azure (Ubuntu package): before 5.4.0.1035.17

linux-image-aws (Ubuntu package): before 5.4.0.1034.19

linux-image-5.4.0-59-lowlatency (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-59-generic-lpae (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-59-generic (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-1035-azure (Ubuntu package): before 5.4.0-1035.36~18.04.1

linux-image-5.4.0-1034-oracle (Ubuntu package): before 5.4.0-1034.36~18.04.1

linux-image-5.4.0-1034-aws (Ubuntu package): before 5.4.0-1034.35~18.04.1

linux-image-5.4.0-1033-gcp (Ubuntu package): before 5.4.0-1033.35~18.04.1

linux-image-5.4.0-1031-kvm (Ubuntu package): before 5.4.0-1031.32

linux-image-5.4.0-1026-raspi (Ubuntu package): before 5.4.0-1026.29~18.04.1

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1026.30

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1033.35~18.04.2

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-5.4.0-1033-gke (Ubuntu package): before 5.4.0-1033.35~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4679-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Missing Authorization

EUVDB-ID: #VU56242

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27777

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way RTAS handles memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like user could use this flaw to further increase their privileges to that of a running kernel.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual (Ubuntu package): before 5.4.0.59.62

linux-image-raspi2 (Ubuntu package): before 5.4.0.1026.61

linux-image-raspi (Ubuntu package): before 5.4.0.1026.61

linux-image-oracle (Ubuntu package): before 5.4.0.1034.31

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.59.62

linux-image-oem (Ubuntu package): before 5.4.0.59.62

linux-image-lowlatency (Ubuntu package): before 5.4.0.59.62

linux-image-kvm (Ubuntu package): before 5.4.0.1031.29

linux-image-generic-lpae (Ubuntu package): before 5.4.0.59.62

linux-image-generic (Ubuntu package): before 5.4.0.59.62

linux-image-gcp (Ubuntu package): before 5.4.0.1033.21

linux-image-azure (Ubuntu package): before 5.4.0.1035.17

linux-image-aws (Ubuntu package): before 5.4.0.1034.19

linux-image-5.4.0-59-lowlatency (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-59-generic-lpae (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-59-generic (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-1035-azure (Ubuntu package): before 5.4.0-1035.36~18.04.1

linux-image-5.4.0-1034-oracle (Ubuntu package): before 5.4.0-1034.36~18.04.1

linux-image-5.4.0-1034-aws (Ubuntu package): before 5.4.0-1034.35~18.04.1

linux-image-5.4.0-1033-gcp (Ubuntu package): before 5.4.0-1033.35~18.04.1

linux-image-5.4.0-1031-kvm (Ubuntu package): before 5.4.0-1031.32

linux-image-5.4.0-1026-raspi (Ubuntu package): before 5.4.0-1026.29~18.04.1

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1026.30

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1033.35~18.04.2

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-5.4.0-1033-gke (Ubuntu package): before 5.4.0-1033.35~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4679-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU90369

Risk: Medium

CVSSv4.0: 1.8 [CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-28974

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged user to read and manipulate data.

The vulnerability exists due to an out-of-bounds read error within the con_font_default() and con_font_op() functions in drivers/tty/vt/vt.c. A local privileged user can read and manipulate data.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-virtual (Ubuntu package): before 5.4.0.59.62

linux-image-raspi2 (Ubuntu package): before 5.4.0.1026.61

linux-image-raspi (Ubuntu package): before 5.4.0.1026.61

linux-image-oracle (Ubuntu package): before 5.4.0.1034.31

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.59.62

linux-image-oem (Ubuntu package): before 5.4.0.59.62

linux-image-lowlatency (Ubuntu package): before 5.4.0.59.62

linux-image-kvm (Ubuntu package): before 5.4.0.1031.29

linux-image-generic-lpae (Ubuntu package): before 5.4.0.59.62

linux-image-generic (Ubuntu package): before 5.4.0.59.62

linux-image-gcp (Ubuntu package): before 5.4.0.1033.21

linux-image-azure (Ubuntu package): before 5.4.0.1035.17

linux-image-aws (Ubuntu package): before 5.4.0.1034.19

linux-image-5.4.0-59-lowlatency (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-59-generic-lpae (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-59-generic (Ubuntu package): before 5.4.0-59.65~18.04.1

linux-image-5.4.0-1035-azure (Ubuntu package): before 5.4.0-1035.36~18.04.1

linux-image-5.4.0-1034-oracle (Ubuntu package): before 5.4.0-1034.36~18.04.1

linux-image-5.4.0-1034-aws (Ubuntu package): before 5.4.0-1034.35~18.04.1

linux-image-5.4.0-1033-gcp (Ubuntu package): before 5.4.0-1033.35~18.04.1

linux-image-5.4.0-1031-kvm (Ubuntu package): before 5.4.0-1031.32

linux-image-5.4.0-1026-raspi (Ubuntu package): before 5.4.0-1026.29~18.04.1

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1026.30

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1033.35~18.04.2

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.59.65~18.04.54

linux-image-5.4.0-1033-gke (Ubuntu package): before 5.4.0-1033.35~18.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4679-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###