Ubuntu update for linux



Risk Medium
Patch available YES
Number of vulnerabilities 19
CVE-ID CVE-2020-25656
CVE-2020-25668
CVE-2020-25669
CVE-2020-25704
CVE-2020-27673
CVE-2020-27675
CVE-2020-27777
CVE-2020-27815
CVE-2020-27830
CVE-2020-28941
CVE-2020-27835
CVE-2020-28588
CVE-2020-28974
CVE-2020-29568
CVE-2020-29569
CVE-2020-29660
CVE-2020-29661
CVE-2020-35508
CWE-ID CWE-416
CWE-401
CWE-20
CWE-476
CWE-862
CWE-125
CWE-763
CWE-681
CWE-119
CWE-252
CWE-667
CWE-665
Exploitation vector Local
Public exploit Public exploit code for vulnerability #18 is available.
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

linux-image-raspi (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-virtual-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-lowlatency-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-64k-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-virtual (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-raspi-nolpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gke (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-64k (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-44-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-44-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-44-generic-64k (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-44-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-1024-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-1023-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-1023-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-1021-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-1019-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.8.0-1016-raspi (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 19 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU51547

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25656

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in the way the console subsystem uses KDGKBSENT and KDSKBSENT IOCTLs. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information.


Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU83431

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25668

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the con_font_op. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use after free

EUVDB-ID: #VU92762

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25669

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU55258

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25704

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU94154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27673

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the clear_linked(), consume_one_event(), __evtchn_fifo_handle_events() and evtchn_fifo_percpu_init() functions in drivers/xen/events/events_fifo.c, within the module_param(), DEFINE_RWLOCK(), enable_dynirq(), notify_remote_via_irq(), EXPORT_SYMBOL_GPL(), xen_irq_init(), xen_free_irq(), xen_send_IPI_one(), __xen_evtchn_do_upcall(), xen_setup_callback_vector(), xen_evtchn_cpu_prepare() and xen_init_IRQ() functions in drivers/xen/events/events_base.c, within the active_evtchns() and evtchn_2l_handle_events() functions in drivers/xen/events/events_2l.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU83584

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27675

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/xen/events/events_base.c. A malicious guest can trigger a dom0 crash by sending events for a paravirtualized device while simultaneously performing its reconfiguration.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Missing Authorization

EUVDB-ID: #VU56242

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27777

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way RTAS handles memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like user could use this flaw to further increase their privileges to that of a running kernel.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU49169

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27815

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in fs/jfs/jfs_dmap.c. A local user can trigger out-of-bounds read error and crash the kernel.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Null pointer dereference

EUVDB-ID: #VU95192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27830

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Release of invalid pointer or reference

EUVDB-ID: #VU92422

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-28941

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to release of invalid pointer or reference error within the makefile. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use after free

EUVDB-ID: #VU92765

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27835

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Incorrect Conversion between Numeric Types

EUVDB-ID: #VU52687

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-28588

CWE-ID: CWE-681 - Incorrect Conversion between Numeric Types

Exploit availability: No

Description

The vulnerability allows a local attacker to gain unauthorized access to sensitive information on the system.

The vulnerability exists due to incorrect conversion between numeric types in the /proc/pid/syscall functionality. A local attacker can read /proc/pid/syscall to trigger this vulnerability, leading to the kernel leaking memory contents.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU90369

Risk: Medium

CVSSv4.0: 1.8 [CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-28974

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged user to read and manipulate data.

The vulnerability exists due to an out-of-bounds read error within the con_font_default() and con_font_op() functions in drivers/tty/vt/vt.c. A local privileged user can read and manipulate data.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU52772

Risk: Low

CVSSv4.0: 5.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear]

CVE-ID: CVE-2020-29568

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local authenticated user to a crash the entire system.

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU52771

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-29568

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local authenticated user to a crash the entire system.

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Unchecked Return Value

EUVDB-ID: #VU56816

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-29569

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to an unchecked return value. A local user can cause a denial of service (DoS) condition, leading to privilege escalation and information leaks.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper locking

EUVDB-ID: #VU57039

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-29660

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to double-locking error in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c. An authenticated local user can exploit this vulnerability to perform a read-after-free attack against TIOCGSID and gain access to sensitive information.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU51543

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2020-29661

CWE-ID: CWE-667 - Improper Locking

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a escalate privileges on the system.

The vulnerability exists due to locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. An local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

19) Improper Initialization

EUVDB-ID: #VU55259

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-35508

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization of the process id in the Linux kernel child/parent process identification handling while filtering signal handlers. A local user can run a specially crafted application to bypass checks to send any signal to a privileged process.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

linux-image-raspi (Ubuntu package): before 5.8.0.1016.19

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.8.0.44.50~20.04.30

linux-image-virtual (Ubuntu package): before 5.8.0.44.49

linux-image-raspi-nolpae (Ubuntu package): before 5.8.0.1016.19

linux-image-oracle (Ubuntu package): before 5.8.0.1021.20

linux-image-oem-20.04 (Ubuntu package): before 5.8.0.44.49

linux-image-lowlatency (Ubuntu package): before 5.8.0.44.49

linux-image-kvm (Ubuntu package): before 5.8.0.1019.21

linux-image-gke (Ubuntu package): before 5.8.0.1023.23

linux-image-generic-lpae (Ubuntu package): before 5.8.0.44.49

linux-image-generic-64k (Ubuntu package): before 5.8.0.44.49

linux-image-generic (Ubuntu package): before 5.8.0.44.49

linux-image-gcp (Ubuntu package): before 5.8.0.1023.23

linux-image-azure (Ubuntu package): before 5.8.0.1023.23

linux-image-aws (Ubuntu package): before 5.8.0.1024.26

linux-image-5.8.0-44-lowlatency (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-lpae (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-44-generic-64k (Ubuntu package): before 5.8.0-44.50

linux-image-5.8.0-44-generic (Ubuntu package): before 5.8.0-44.50~20.04.1

linux-image-5.8.0-1024-aws (Ubuntu package): before 5.8.0-1024.26

linux-image-5.8.0-1023-gcp (Ubuntu package): before 5.8.0-1023.24

linux-image-5.8.0-1023-azure (Ubuntu package): before 5.8.0-1023.25

linux-image-5.8.0-1021-oracle (Ubuntu package): before 5.8.0-1021.22

linux-image-5.8.0-1019-kvm (Ubuntu package): before 5.8.0-1019.21

linux-image-5.8.0-1016-raspi-nolpae (Ubuntu package): before 5.8.0-1016.19

linux-image-5.8.0-1016-raspi (Ubuntu package): before 5.8.0-1016.19

CPE2.3 External links

https://ubuntu.com/security/notices/USN-4751-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###