SB2021022546 - Ubuntu update for linux


Published: February 25, 2021

Security Bulletin ID: SB2021022546
Severity: Low
Patch available: YES
Number of vulnerabilities: 11
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Use after free (CVE-ID: CVE-2020-25669)

The vulnerability allows a local user to execute arbitrary code.

A vulnerability was found in the Linux kernel in which the function sunkbd_reinit can be scheduled by sunkbd_interrupt before sunkbd is freed. Although the dangling pointer is set to NULL in sunkbd_disconnect, an alias to it remains in sunkbd_reinit, causing a use-after-free.


2) Out-of-bounds read (CVE-ID: CVE-2020-27815)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in fs/jfs/jfs_dmap.c. A local user can trigger an out-of-bounds read error and crash the kernel.


3) Null pointer dereference (CVE-ID: CVE-2020-27830)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

A vulnerability was found in the Linux kernel in which the spk_ttyio_receive_buf2() function dereferences spk_ttyio_synth without checking whether it is NULL, which may lead to a NULL pointer dereference crash.


4) Release of invalid pointer or reference (CVE-ID: CVE-2020-28941)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a release of invalid pointer or reference error within the makefile. A local user can perform a denial of service (DoS) attack.


5) Incorrect Conversion between Numeric Types (CVE-ID: CVE-2020-28588)

The vulnerability allows a local attacker to gain unauthorized access to sensitive information on the system.

The vulnerability exists due to incorrect conversion between numeric types in the /proc/pid/syscall functionality. A local attacker can read /proc/pid/syscall to trigger this vulnerability, leading to the kernel leaking memory contents.


6) Buffer overflow (CVE-ID: CVE-2020-29568)

The vulnerability allows a local authenticated user to crash the entire system.

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.


7) Buffer overflow (CVE-ID: CVE-2020-29568)

The vulnerability allows a local authenticated user to crash the entire system.

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.


8) Unchecked Return Value (CVE-ID: CVE-2020-29569)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to an unchecked return value. A local user can cause a denial of service (DoS) condition, leading to privilege escalation and information leaks.


9) Improper locking (CVE-ID: CVE-2020-29660)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a double-locking error in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c. An authenticated local user can exploit this vulnerability to perform a read-after-free attack against TIOCGSID and gain access to sensitive information.


10) Improper locking (CVE-ID: CVE-2020-29661)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. A local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.


11) Out-of-bounds read (CVE-ID: CVE-2021-20177)

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) inserting iptables rules could insert a rule that panics the system. Kernel versions before 5.5-rc1 are affected.


Remediation

Install the update from the vendor's website.