Ubuntu update for linux
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2020-25639 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-29265 CVE-2021-29650 CVE-2021-30002 |
| CWE-ID | CWE-476 CWE-770 CWE-862 CWE-787 CWE-362 CWE-119 CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-gkeop (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-osp1 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gkeop-5.4 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gke-5.4 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gke (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-73-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-73-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-73-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1048-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1047-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1045-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1043-gke (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1043-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1039-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1015-gkeop (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1044-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-snapdragon-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Null pointer dereference
EUVDB-ID: #VU92764
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-25639
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-gkeop (Ubuntu package): before 5.4.0.1015.18
linux-image-virtual (Ubuntu package): before 5.4.0.73.76
linux-image-oracle (Ubuntu package): before 5.4.0.1044.47~18.04.26
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.73.76
linux-image-oem (Ubuntu package): before 5.4.0.73.76
linux-image-lowlatency (Ubuntu package): before 5.4.0.73.76
linux-image-kvm (Ubuntu package): before 5.4.0.1039.37
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1015.16~18.04.16
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1043.45~18.04.9
linux-image-gke (Ubuntu package): before 5.4.0.1043.52
linux-image-generic-lpae (Ubuntu package): before 5.4.0.73.76
linux-image-generic (Ubuntu package): before 5.4.0.73.76
linux-image-gcp (Ubuntu package): before 5.4.0.1043.30
linux-image-azure (Ubuntu package): before 5.4.0.1047.26
linux-image-aws (Ubuntu package): before 5.4.0.1048.30
linux-image-5.4.0-73-lowlatency (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic-lpae (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-1048-aws (Ubuntu package): before 5.4.0-1048.50~18.04.1
linux-image-5.4.0-1047-azure (Ubuntu package): before 5.4.0-1047.49~18.04.1
linux-image-5.4.0-1045-oracle (Ubuntu package): before 5.4.0-1045.49+1
linux-image-5.4.0-1043-gke (Ubuntu package): before 5.4.0-1043.45~18.04.1
linux-image-5.4.0-1043-gcp (Ubuntu package): before 5.4.0-1043.46~18.04.1
linux-image-5.4.0-1039-kvm (Ubuntu package): before 5.4.0-1039.40
linux-image-5.4.0-1015-gkeop (Ubuntu package): before 5.4.0-1015.16~18.04.1
linux-image-5.4.0-1044-oracle (Ubuntu package): before 5.4.0-1044.47~18.04.1
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
CPE2.3- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gkeop-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1048-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1047-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1045-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1039-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1015-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1044-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4945-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Allocation of resources without limits or throttling
EUVDB-ID: #VU92417
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28038
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a local user to a crash the entire system.
The vulnerability exists due to allocation of resources without limits or throttling error within the xenvif_tx_action() function in drivers/net/xen-netback/netback.c. A local user can a crash the entire system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-gkeop (Ubuntu package): before 5.4.0.1015.18
linux-image-virtual (Ubuntu package): before 5.4.0.73.76
linux-image-oracle (Ubuntu package): before 5.4.0.1044.47~18.04.26
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.73.76
linux-image-oem (Ubuntu package): before 5.4.0.73.76
linux-image-lowlatency (Ubuntu package): before 5.4.0.73.76
linux-image-kvm (Ubuntu package): before 5.4.0.1039.37
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1015.16~18.04.16
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1043.45~18.04.9
linux-image-gke (Ubuntu package): before 5.4.0.1043.52
linux-image-generic-lpae (Ubuntu package): before 5.4.0.73.76
linux-image-generic (Ubuntu package): before 5.4.0.73.76
linux-image-gcp (Ubuntu package): before 5.4.0.1043.30
linux-image-azure (Ubuntu package): before 5.4.0.1047.26
linux-image-aws (Ubuntu package): before 5.4.0.1048.30
linux-image-5.4.0-73-lowlatency (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic-lpae (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-1048-aws (Ubuntu package): before 5.4.0-1048.50~18.04.1
linux-image-5.4.0-1047-azure (Ubuntu package): before 5.4.0-1047.49~18.04.1
linux-image-5.4.0-1045-oracle (Ubuntu package): before 5.4.0-1045.49+1
linux-image-5.4.0-1043-gke (Ubuntu package): before 5.4.0-1043.45~18.04.1
linux-image-5.4.0-1043-gcp (Ubuntu package): before 5.4.0-1043.46~18.04.1
linux-image-5.4.0-1039-kvm (Ubuntu package): before 5.4.0-1039.40
linux-image-5.4.0-1015-gkeop (Ubuntu package): before 5.4.0-1015.16~18.04.1
linux-image-5.4.0-1044-oracle (Ubuntu package): before 5.4.0-1044.47~18.04.1
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
CPE2.3- cpe:2.3:o:canonical:linux-image-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gkeop-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1048-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1047-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1045-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1039-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1015-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1044-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4945-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Missing authorization
EUVDB-ID: #VU92415
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28375
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to missing authorization error within the fastrpc_internal_invoke() function in drivers/misc/fastrpc.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-gkeop (Ubuntu package): before 5.4.0.1015.18
linux-image-virtual (Ubuntu package): before 5.4.0.73.76
linux-image-oracle (Ubuntu package): before 5.4.0.1044.47~18.04.26
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.73.76
linux-image-oem (Ubuntu package): before 5.4.0.73.76
linux-image-lowlatency (Ubuntu package): before 5.4.0.73.76
linux-image-kvm (Ubuntu package): before 5.4.0.1039.37
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1015.16~18.04.16
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1043.45~18.04.9
linux-image-gke (Ubuntu package): before 5.4.0.1043.52
linux-image-generic-lpae (Ubuntu package): before 5.4.0.73.76
linux-image-generic (Ubuntu package): before 5.4.0.73.76
linux-image-gcp (Ubuntu package): before 5.4.0.1043.30
linux-image-azure (Ubuntu package): before 5.4.0.1047.26
linux-image-aws (Ubuntu package): before 5.4.0.1048.30
linux-image-5.4.0-73-lowlatency (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic-lpae (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-1048-aws (Ubuntu package): before 5.4.0-1048.50~18.04.1
linux-image-5.4.0-1047-azure (Ubuntu package): before 5.4.0-1047.49~18.04.1
linux-image-5.4.0-1045-oracle (Ubuntu package): before 5.4.0-1045.49+1
linux-image-5.4.0-1043-gke (Ubuntu package): before 5.4.0-1043.45~18.04.1
linux-image-5.4.0-1043-gcp (Ubuntu package): before 5.4.0-1043.46~18.04.1
linux-image-5.4.0-1039-kvm (Ubuntu package): before 5.4.0-1039.40
linux-image-5.4.0-1015-gkeop (Ubuntu package): before 5.4.0-1015.16~18.04.1
linux-image-5.4.0-1044-oracle (Ubuntu package): before 5.4.0-1044.47~18.04.1
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
CPE2.3- cpe:2.3:o:canonical:linux-image-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gkeop-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1048-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1047-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1045-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1039-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1015-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1044-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4945-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU56817
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28660
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the "rtw_wx_set_scan" in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c. A local user can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-gkeop (Ubuntu package): before 5.4.0.1015.18
linux-image-virtual (Ubuntu package): before 5.4.0.73.76
linux-image-oracle (Ubuntu package): before 5.4.0.1044.47~18.04.26
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.73.76
linux-image-oem (Ubuntu package): before 5.4.0.73.76
linux-image-lowlatency (Ubuntu package): before 5.4.0.73.76
linux-image-kvm (Ubuntu package): before 5.4.0.1039.37
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1015.16~18.04.16
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1043.45~18.04.9
linux-image-gke (Ubuntu package): before 5.4.0.1043.52
linux-image-generic-lpae (Ubuntu package): before 5.4.0.73.76
linux-image-generic (Ubuntu package): before 5.4.0.73.76
linux-image-gcp (Ubuntu package): before 5.4.0.1043.30
linux-image-azure (Ubuntu package): before 5.4.0.1047.26
linux-image-aws (Ubuntu package): before 5.4.0.1048.30
linux-image-5.4.0-73-lowlatency (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic-lpae (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-1048-aws (Ubuntu package): before 5.4.0-1048.50~18.04.1
linux-image-5.4.0-1047-azure (Ubuntu package): before 5.4.0-1047.49~18.04.1
linux-image-5.4.0-1045-oracle (Ubuntu package): before 5.4.0-1045.49+1
linux-image-5.4.0-1043-gke (Ubuntu package): before 5.4.0-1043.45~18.04.1
linux-image-5.4.0-1043-gcp (Ubuntu package): before 5.4.0-1043.46~18.04.1
linux-image-5.4.0-1039-kvm (Ubuntu package): before 5.4.0-1039.40
linux-image-5.4.0-1015-gkeop (Ubuntu package): before 5.4.0-1015.16~18.04.1
linux-image-5.4.0-1044-oracle (Ubuntu package): before 5.4.0-1044.47~18.04.1
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
CPE2.3- cpe:2.3:o:canonical:linux-image-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gkeop-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1048-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1047-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1045-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1039-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1015-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1044-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4945-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Race condition
EUVDB-ID: #VU91488
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-29265
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the usbip_sockfd_store() function in drivers/usb/usbip/stub_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-gkeop (Ubuntu package): before 5.4.0.1015.18
linux-image-virtual (Ubuntu package): before 5.4.0.73.76
linux-image-oracle (Ubuntu package): before 5.4.0.1044.47~18.04.26
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.73.76
linux-image-oem (Ubuntu package): before 5.4.0.73.76
linux-image-lowlatency (Ubuntu package): before 5.4.0.73.76
linux-image-kvm (Ubuntu package): before 5.4.0.1039.37
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1015.16~18.04.16
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1043.45~18.04.9
linux-image-gke (Ubuntu package): before 5.4.0.1043.52
linux-image-generic-lpae (Ubuntu package): before 5.4.0.73.76
linux-image-generic (Ubuntu package): before 5.4.0.73.76
linux-image-gcp (Ubuntu package): before 5.4.0.1043.30
linux-image-azure (Ubuntu package): before 5.4.0.1047.26
linux-image-aws (Ubuntu package): before 5.4.0.1048.30
linux-image-5.4.0-73-lowlatency (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic-lpae (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-1048-aws (Ubuntu package): before 5.4.0-1048.50~18.04.1
linux-image-5.4.0-1047-azure (Ubuntu package): before 5.4.0-1047.49~18.04.1
linux-image-5.4.0-1045-oracle (Ubuntu package): before 5.4.0-1045.49+1
linux-image-5.4.0-1043-gke (Ubuntu package): before 5.4.0-1043.45~18.04.1
linux-image-5.4.0-1043-gcp (Ubuntu package): before 5.4.0-1043.46~18.04.1
linux-image-5.4.0-1039-kvm (Ubuntu package): before 5.4.0-1039.40
linux-image-5.4.0-1015-gkeop (Ubuntu package): before 5.4.0-1015.16~18.04.1
linux-image-5.4.0-1044-oracle (Ubuntu package): before 5.4.0-1044.47~18.04.1
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
CPE2.3- cpe:2.3:o:canonical:linux-image-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gkeop-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1048-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1047-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1045-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1039-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1015-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1044-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4945-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU56240
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-29650
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h. A local user can trigger memory corruption upon the assignment of a new table value and cause denial of service.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-gkeop (Ubuntu package): before 5.4.0.1015.18
linux-image-virtual (Ubuntu package): before 5.4.0.73.76
linux-image-oracle (Ubuntu package): before 5.4.0.1044.47~18.04.26
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.73.76
linux-image-oem (Ubuntu package): before 5.4.0.73.76
linux-image-lowlatency (Ubuntu package): before 5.4.0.73.76
linux-image-kvm (Ubuntu package): before 5.4.0.1039.37
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1015.16~18.04.16
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1043.45~18.04.9
linux-image-gke (Ubuntu package): before 5.4.0.1043.52
linux-image-generic-lpae (Ubuntu package): before 5.4.0.73.76
linux-image-generic (Ubuntu package): before 5.4.0.73.76
linux-image-gcp (Ubuntu package): before 5.4.0.1043.30
linux-image-azure (Ubuntu package): before 5.4.0.1047.26
linux-image-aws (Ubuntu package): before 5.4.0.1048.30
linux-image-5.4.0-73-lowlatency (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic-lpae (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-1048-aws (Ubuntu package): before 5.4.0-1048.50~18.04.1
linux-image-5.4.0-1047-azure (Ubuntu package): before 5.4.0-1047.49~18.04.1
linux-image-5.4.0-1045-oracle (Ubuntu package): before 5.4.0-1045.49+1
linux-image-5.4.0-1043-gke (Ubuntu package): before 5.4.0-1043.45~18.04.1
linux-image-5.4.0-1043-gcp (Ubuntu package): before 5.4.0-1043.46~18.04.1
linux-image-5.4.0-1039-kvm (Ubuntu package): before 5.4.0-1039.40
linux-image-5.4.0-1015-gkeop (Ubuntu package): before 5.4.0-1015.16~18.04.1
linux-image-5.4.0-1044-oracle (Ubuntu package): before 5.4.0-1044.47~18.04.1
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
CPE2.3- cpe:2.3:o:canonical:linux-image-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gkeop-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1048-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1047-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1045-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1039-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1015-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1044-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4945-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU68552
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-30002
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the webcam support driver in video_usercopy() function in drivers/media/v4l2-core/v4l2-ioctl.c in Linux kernel. A local user can trigger leak memory and perform denial of service attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-gkeop (Ubuntu package): before 5.4.0.1015.18
linux-image-virtual (Ubuntu package): before 5.4.0.73.76
linux-image-oracle (Ubuntu package): before 5.4.0.1044.47~18.04.26
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.73.76
linux-image-oem (Ubuntu package): before 5.4.0.73.76
linux-image-lowlatency (Ubuntu package): before 5.4.0.73.76
linux-image-kvm (Ubuntu package): before 5.4.0.1039.37
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1015.16~18.04.16
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1043.45~18.04.9
linux-image-gke (Ubuntu package): before 5.4.0.1043.52
linux-image-generic-lpae (Ubuntu package): before 5.4.0.73.76
linux-image-generic (Ubuntu package): before 5.4.0.73.76
linux-image-gcp (Ubuntu package): before 5.4.0.1043.30
linux-image-azure (Ubuntu package): before 5.4.0.1047.26
linux-image-aws (Ubuntu package): before 5.4.0.1048.30
linux-image-5.4.0-73-lowlatency (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic-lpae (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-73-generic (Ubuntu package): before 5.4.0-73.82~18.04.1
linux-image-5.4.0-1048-aws (Ubuntu package): before 5.4.0-1048.50~18.04.1
linux-image-5.4.0-1047-azure (Ubuntu package): before 5.4.0-1047.49~18.04.1
linux-image-5.4.0-1045-oracle (Ubuntu package): before 5.4.0-1045.49+1
linux-image-5.4.0-1043-gke (Ubuntu package): before 5.4.0-1043.45~18.04.1
linux-image-5.4.0-1043-gcp (Ubuntu package): before 5.4.0-1043.46~18.04.1
linux-image-5.4.0-1039-kvm (Ubuntu package): before 5.4.0-1039.40
linux-image-5.4.0-1015-gkeop (Ubuntu package): before 5.4.0-1015.16~18.04.1
linux-image-5.4.0-1044-oracle (Ubuntu package): before 5.4.0-1044.47~18.04.1
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.73.82~18.04.66
CPE2.3- cpe:2.3:o:canonical:linux-image-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gkeop-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-73-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1048-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1047-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1045-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1043-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1039-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1015-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-5.4.0-1044-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4945-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
