Ubuntu update for linux
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2021-20292 CVE-2021-26930 CVE-2021-26931 CVE-2021-28038 CVE-2021-28688 CVE-2021-29264 CVE-2021-29265 CVE-2021-29650 CVE-2021-30002 |
| CWE-ID | CWE-416 CWE-399 CWE-770 CWE-665 CWE-20 CWE-362 CWE-119 CWE-401 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-oem (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gke (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-hwe-16.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-hwe-16.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-16.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws-hwe (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-snapdragon (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-raspi2 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-dell300x (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-143-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-143-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-143-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1114-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1102-snapdragon (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1102-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1099-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1091-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1085-raspi2 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1071-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1018-dell300x (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU63382
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-20292
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to a use-after-free error in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. A local user can escalate privileges and execute code in the context of the kernel.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-oem (Ubuntu package): before 5.4.0.202.198
linux-image-oracle (Ubuntu package): before 6.8.0-1017.18~22.04.1
linux-image-gke (Ubuntu package): before 6.8.0-1015.19
linux-image-gcp (Ubuntu package): before 6.8.0-1019.21~22.04.1
linux-image-azure (Ubuntu package): before 6.8.0-1018.21~22.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-aws-hwe (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before 4.15.0.143.130
linux-image-snapdragon (Ubuntu package): before 4.15.0.1102.105
linux-image-raspi2 (Ubuntu package): before 4.15.0.1085.82
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1071.81
linux-image-lowlatency (Ubuntu package): before 4.15.0.143.130
linux-image-kvm (Ubuntu package): before 4.15.0.1091.87
linux-image-generic-lpae (Ubuntu package): before 4.15.0.143.130
linux-image-generic (Ubuntu package): before 4.15.0.143.130
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1099.117
linux-image-dell300x (Ubuntu package): before 4.15.0.1018.20
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1114.87
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1102.105
linux-image-4.15.0-143-lowlatency (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic-lpae (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-1114-azure (Ubuntu package): before 4.15.0-1114.127
linux-image-4.15.0-1102-snapdragon (Ubuntu package): before 4.15.0-1102.111
linux-image-4.15.0-1102-aws (Ubuntu package): before 4.15.0-1102.109
linux-image-4.15.0-1099-gcp (Ubuntu package): before 4.15.0-1099.112
linux-image-4.15.0-1091-kvm (Ubuntu package): before 4.15.0-1091.93
linux-image-4.15.0-1085-raspi2 (Ubuntu package): before 4.15.0-1085.90
linux-image-4.15.0-1071-oracle (Ubuntu package): before 4.15.0-1071.79
linux-image-4.15.0-1018-dell300x (Ubuntu package): before 4.15.0-1018.22
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1114-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1099-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1091-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1085-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1071-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1018-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4946-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU51587
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-26930
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources when processing service requests to the PV backend within drivers/block/xen-blkback/blkback.c driver in Xen. A local user on the guest OS can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-oem (Ubuntu package): before 5.4.0.202.198
linux-image-oracle (Ubuntu package): before 6.8.0-1017.18~22.04.1
linux-image-gke (Ubuntu package): before 6.8.0-1015.19
linux-image-gcp (Ubuntu package): before 6.8.0-1019.21~22.04.1
linux-image-azure (Ubuntu package): before 6.8.0-1018.21~22.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-aws-hwe (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before 4.15.0.143.130
linux-image-snapdragon (Ubuntu package): before 4.15.0.1102.105
linux-image-raspi2 (Ubuntu package): before 4.15.0.1085.82
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1071.81
linux-image-lowlatency (Ubuntu package): before 4.15.0.143.130
linux-image-kvm (Ubuntu package): before 4.15.0.1091.87
linux-image-generic-lpae (Ubuntu package): before 4.15.0.143.130
linux-image-generic (Ubuntu package): before 4.15.0.143.130
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1099.117
linux-image-dell300x (Ubuntu package): before 4.15.0.1018.20
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1114.87
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1102.105
linux-image-4.15.0-143-lowlatency (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic-lpae (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-1114-azure (Ubuntu package): before 4.15.0-1114.127
linux-image-4.15.0-1102-snapdragon (Ubuntu package): before 4.15.0-1102.111
linux-image-4.15.0-1102-aws (Ubuntu package): before 4.15.0-1102.109
linux-image-4.15.0-1099-gcp (Ubuntu package): before 4.15.0-1099.112
linux-image-4.15.0-1091-kvm (Ubuntu package): before 4.15.0-1091.93
linux-image-4.15.0-1085-raspi2 (Ubuntu package): before 4.15.0-1085.90
linux-image-4.15.0-1071-oracle (Ubuntu package): before 4.15.0-1071.79
linux-image-4.15.0-1018-dell300x (Ubuntu package): before 4.15.0-1018.22
CPE2.3- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1114-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1099-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1091-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1085-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1071-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1018-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4946-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Allocation of resources without limits or throttling
EUVDB-ID: #VU92418
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-26931
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to allocation of resources without limits or throttling error within the scsiback_gnttab_data_map_batch() function in drivers/xen/xen-scsiback.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-oem (Ubuntu package): before 5.4.0.202.198
linux-image-oracle (Ubuntu package): before 6.8.0-1017.18~22.04.1
linux-image-gke (Ubuntu package): before 6.8.0-1015.19
linux-image-gcp (Ubuntu package): before 6.8.0-1019.21~22.04.1
linux-image-azure (Ubuntu package): before 6.8.0-1018.21~22.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-aws-hwe (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before 4.15.0.143.130
linux-image-snapdragon (Ubuntu package): before 4.15.0.1102.105
linux-image-raspi2 (Ubuntu package): before 4.15.0.1085.82
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1071.81
linux-image-lowlatency (Ubuntu package): before 4.15.0.143.130
linux-image-kvm (Ubuntu package): before 4.15.0.1091.87
linux-image-generic-lpae (Ubuntu package): before 4.15.0.143.130
linux-image-generic (Ubuntu package): before 4.15.0.143.130
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1099.117
linux-image-dell300x (Ubuntu package): before 4.15.0.1018.20
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1114.87
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1102.105
linux-image-4.15.0-143-lowlatency (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic-lpae (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-1114-azure (Ubuntu package): before 4.15.0-1114.127
linux-image-4.15.0-1102-snapdragon (Ubuntu package): before 4.15.0-1102.111
linux-image-4.15.0-1102-aws (Ubuntu package): before 4.15.0-1102.109
linux-image-4.15.0-1099-gcp (Ubuntu package): before 4.15.0-1099.112
linux-image-4.15.0-1091-kvm (Ubuntu package): before 4.15.0-1091.93
linux-image-4.15.0-1085-raspi2 (Ubuntu package): before 4.15.0-1085.90
linux-image-4.15.0-1071-oracle (Ubuntu package): before 4.15.0-1071.79
linux-image-4.15.0-1018-dell300x (Ubuntu package): before 4.15.0-1018.22
CPE2.3- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1114-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1099-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1091-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1085-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1071-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1018-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4946-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Allocation of resources without limits or throttling
EUVDB-ID: #VU92417
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28038
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a local user to a crash the entire system.
The vulnerability exists due to allocation of resources without limits or throttling error within the xenvif_tx_action() function in drivers/net/xen-netback/netback.c. A local user can a crash the entire system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-oem (Ubuntu package): before 5.4.0.202.198
linux-image-oracle (Ubuntu package): before 6.8.0-1017.18~22.04.1
linux-image-gke (Ubuntu package): before 6.8.0-1015.19
linux-image-gcp (Ubuntu package): before 6.8.0-1019.21~22.04.1
linux-image-azure (Ubuntu package): before 6.8.0-1018.21~22.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-aws-hwe (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before 4.15.0.143.130
linux-image-snapdragon (Ubuntu package): before 4.15.0.1102.105
linux-image-raspi2 (Ubuntu package): before 4.15.0.1085.82
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1071.81
linux-image-lowlatency (Ubuntu package): before 4.15.0.143.130
linux-image-kvm (Ubuntu package): before 4.15.0.1091.87
linux-image-generic-lpae (Ubuntu package): before 4.15.0.143.130
linux-image-generic (Ubuntu package): before 4.15.0.143.130
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1099.117
linux-image-dell300x (Ubuntu package): before 4.15.0.1018.20
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1114.87
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1102.105
linux-image-4.15.0-143-lowlatency (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic-lpae (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-1114-azure (Ubuntu package): before 4.15.0-1114.127
linux-image-4.15.0-1102-snapdragon (Ubuntu package): before 4.15.0-1102.111
linux-image-4.15.0-1102-aws (Ubuntu package): before 4.15.0-1102.109
linux-image-4.15.0-1099-gcp (Ubuntu package): before 4.15.0-1099.112
linux-image-4.15.0-1091-kvm (Ubuntu package): before 4.15.0-1091.93
linux-image-4.15.0-1085-raspi2 (Ubuntu package): before 4.15.0-1085.90
linux-image-4.15.0-1071-oracle (Ubuntu package): before 4.15.0-1071.79
linux-image-4.15.0-1018-dell300x (Ubuntu package): before 4.15.0-1018.22
CPE2.3- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1114-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1099-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1091-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1085-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1071-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1018-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4946-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Initialization
EUVDB-ID: #VU63658
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28688
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. A local user can perform a denial of service attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-oem (Ubuntu package): before 5.4.0.202.198
linux-image-oracle (Ubuntu package): before 6.8.0-1017.18~22.04.1
linux-image-gke (Ubuntu package): before 6.8.0-1015.19
linux-image-gcp (Ubuntu package): before 6.8.0-1019.21~22.04.1
linux-image-azure (Ubuntu package): before 6.8.0-1018.21~22.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-aws-hwe (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before 4.15.0.143.130
linux-image-snapdragon (Ubuntu package): before 4.15.0.1102.105
linux-image-raspi2 (Ubuntu package): before 4.15.0.1085.82
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1071.81
linux-image-lowlatency (Ubuntu package): before 4.15.0.143.130
linux-image-kvm (Ubuntu package): before 4.15.0.1091.87
linux-image-generic-lpae (Ubuntu package): before 4.15.0.143.130
linux-image-generic (Ubuntu package): before 4.15.0.143.130
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1099.117
linux-image-dell300x (Ubuntu package): before 4.15.0.1018.20
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1114.87
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1102.105
linux-image-4.15.0-143-lowlatency (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic-lpae (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-1114-azure (Ubuntu package): before 4.15.0-1114.127
linux-image-4.15.0-1102-snapdragon (Ubuntu package): before 4.15.0-1102.111
linux-image-4.15.0-1102-aws (Ubuntu package): before 4.15.0-1102.109
linux-image-4.15.0-1099-gcp (Ubuntu package): before 4.15.0-1099.112
linux-image-4.15.0-1091-kvm (Ubuntu package): before 4.15.0-1091.93
linux-image-4.15.0-1085-raspi2 (Ubuntu package): before 4.15.0-1085.90
linux-image-4.15.0-1071-oracle (Ubuntu package): before 4.15.0-1071.79
linux-image-4.15.0-1018-dell300x (Ubuntu package): before 4.15.0-1018.22
CPE2.3- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1114-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1099-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1091-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1085-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1071-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1018-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4946-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU93697
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-29264
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gfar_add_rx_frag() and gfar_clean_rx_ring() functions in drivers/net/ethernet/freescale/gianfar.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-oem (Ubuntu package): before 5.4.0.202.198
linux-image-oracle (Ubuntu package): before 6.8.0-1017.18~22.04.1
linux-image-gke (Ubuntu package): before 6.8.0-1015.19
linux-image-gcp (Ubuntu package): before 6.8.0-1019.21~22.04.1
linux-image-azure (Ubuntu package): before 6.8.0-1018.21~22.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-aws-hwe (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before 4.15.0.143.130
linux-image-snapdragon (Ubuntu package): before 4.15.0.1102.105
linux-image-raspi2 (Ubuntu package): before 4.15.0.1085.82
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1071.81
linux-image-lowlatency (Ubuntu package): before 4.15.0.143.130
linux-image-kvm (Ubuntu package): before 4.15.0.1091.87
linux-image-generic-lpae (Ubuntu package): before 4.15.0.143.130
linux-image-generic (Ubuntu package): before 4.15.0.143.130
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1099.117
linux-image-dell300x (Ubuntu package): before 4.15.0.1018.20
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1114.87
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1102.105
linux-image-4.15.0-143-lowlatency (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic-lpae (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-1114-azure (Ubuntu package): before 4.15.0-1114.127
linux-image-4.15.0-1102-snapdragon (Ubuntu package): before 4.15.0-1102.111
linux-image-4.15.0-1102-aws (Ubuntu package): before 4.15.0-1102.109
linux-image-4.15.0-1099-gcp (Ubuntu package): before 4.15.0-1099.112
linux-image-4.15.0-1091-kvm (Ubuntu package): before 4.15.0-1091.93
linux-image-4.15.0-1085-raspi2 (Ubuntu package): before 4.15.0-1085.90
linux-image-4.15.0-1071-oracle (Ubuntu package): before 4.15.0-1071.79
linux-image-4.15.0-1018-dell300x (Ubuntu package): before 4.15.0-1018.22
CPE2.3- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1114-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1099-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1091-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1085-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1071-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1018-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4946-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Race condition
EUVDB-ID: #VU91488
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-29265
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the usbip_sockfd_store() function in drivers/usb/usbip/stub_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-oem (Ubuntu package): before 5.4.0.202.198
linux-image-oracle (Ubuntu package): before 6.8.0-1017.18~22.04.1
linux-image-gke (Ubuntu package): before 6.8.0-1015.19
linux-image-gcp (Ubuntu package): before 6.8.0-1019.21~22.04.1
linux-image-azure (Ubuntu package): before 6.8.0-1018.21~22.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-aws-hwe (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before 4.15.0.143.130
linux-image-snapdragon (Ubuntu package): before 4.15.0.1102.105
linux-image-raspi2 (Ubuntu package): before 4.15.0.1085.82
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1071.81
linux-image-lowlatency (Ubuntu package): before 4.15.0.143.130
linux-image-kvm (Ubuntu package): before 4.15.0.1091.87
linux-image-generic-lpae (Ubuntu package): before 4.15.0.143.130
linux-image-generic (Ubuntu package): before 4.15.0.143.130
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1099.117
linux-image-dell300x (Ubuntu package): before 4.15.0.1018.20
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1114.87
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1102.105
linux-image-4.15.0-143-lowlatency (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic-lpae (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-1114-azure (Ubuntu package): before 4.15.0-1114.127
linux-image-4.15.0-1102-snapdragon (Ubuntu package): before 4.15.0-1102.111
linux-image-4.15.0-1102-aws (Ubuntu package): before 4.15.0-1102.109
linux-image-4.15.0-1099-gcp (Ubuntu package): before 4.15.0-1099.112
linux-image-4.15.0-1091-kvm (Ubuntu package): before 4.15.0-1091.93
linux-image-4.15.0-1085-raspi2 (Ubuntu package): before 4.15.0-1085.90
linux-image-4.15.0-1071-oracle (Ubuntu package): before 4.15.0-1071.79
linux-image-4.15.0-1018-dell300x (Ubuntu package): before 4.15.0-1018.22
CPE2.3- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1114-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1099-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1091-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1085-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1071-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1018-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4946-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU56240
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-29650
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h. A local user can trigger memory corruption upon the assignment of a new table value and cause denial of service.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-oem (Ubuntu package): before 5.4.0.202.198
linux-image-oracle (Ubuntu package): before 6.8.0-1017.18~22.04.1
linux-image-gke (Ubuntu package): before 6.8.0-1015.19
linux-image-gcp (Ubuntu package): before 6.8.0-1019.21~22.04.1
linux-image-azure (Ubuntu package): before 6.8.0-1018.21~22.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-aws-hwe (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before 4.15.0.143.130
linux-image-snapdragon (Ubuntu package): before 4.15.0.1102.105
linux-image-raspi2 (Ubuntu package): before 4.15.0.1085.82
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1071.81
linux-image-lowlatency (Ubuntu package): before 4.15.0.143.130
linux-image-kvm (Ubuntu package): before 4.15.0.1091.87
linux-image-generic-lpae (Ubuntu package): before 4.15.0.143.130
linux-image-generic (Ubuntu package): before 4.15.0.143.130
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1099.117
linux-image-dell300x (Ubuntu package): before 4.15.0.1018.20
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1114.87
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1102.105
linux-image-4.15.0-143-lowlatency (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic-lpae (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-1114-azure (Ubuntu package): before 4.15.0-1114.127
linux-image-4.15.0-1102-snapdragon (Ubuntu package): before 4.15.0-1102.111
linux-image-4.15.0-1102-aws (Ubuntu package): before 4.15.0-1102.109
linux-image-4.15.0-1099-gcp (Ubuntu package): before 4.15.0-1099.112
linux-image-4.15.0-1091-kvm (Ubuntu package): before 4.15.0-1091.93
linux-image-4.15.0-1085-raspi2 (Ubuntu package): before 4.15.0-1085.90
linux-image-4.15.0-1071-oracle (Ubuntu package): before 4.15.0-1071.79
linux-image-4.15.0-1018-dell300x (Ubuntu package): before 4.15.0-1018.22
CPE2.3- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1114-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1099-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1091-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1085-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1071-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1018-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4946-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU68552
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-30002
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the webcam support driver in video_usercopy() function in drivers/media/v4l2-core/v4l2-ioctl.c in Linux kernel. A local user can trigger leak memory and perform denial of service attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-oem (Ubuntu package): before 5.4.0.202.198
linux-image-oracle (Ubuntu package): before 6.8.0-1017.18~22.04.1
linux-image-gke (Ubuntu package): before 6.8.0-1015.19
linux-image-gcp (Ubuntu package): before 6.8.0-1019.21~22.04.1
linux-image-azure (Ubuntu package): before 6.8.0-1018.21~22.04.1
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.210.193
linux-image-aws-hwe (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before 4.15.0.143.130
linux-image-snapdragon (Ubuntu package): before 4.15.0.1102.105
linux-image-raspi2 (Ubuntu package): before 4.15.0.1085.82
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1071.81
linux-image-lowlatency (Ubuntu package): before 4.15.0.143.130
linux-image-kvm (Ubuntu package): before 4.15.0.1091.87
linux-image-generic-lpae (Ubuntu package): before 4.15.0.143.130
linux-image-generic (Ubuntu package): before 4.15.0.143.130
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1099.117
linux-image-dell300x (Ubuntu package): before 4.15.0.1018.20
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1114.87
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1102.105
linux-image-4.15.0-143-lowlatency (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic-lpae (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-143-generic (Ubuntu package): before 4.15.0-143.147
linux-image-4.15.0-1114-azure (Ubuntu package): before 4.15.0-1114.127
linux-image-4.15.0-1102-snapdragon (Ubuntu package): before 4.15.0-1102.111
linux-image-4.15.0-1102-aws (Ubuntu package): before 4.15.0-1102.109
linux-image-4.15.0-1099-gcp (Ubuntu package): before 4.15.0-1099.112
linux-image-4.15.0-1091-kvm (Ubuntu package): before 4.15.0-1091.93
linux-image-4.15.0-1085-raspi2 (Ubuntu package): before 4.15.0-1085.90
linux-image-4.15.0-1071-oracle (Ubuntu package): before 4.15.0-1071.79
linux-image-4.15.0-1018-dell300x (Ubuntu package): before 4.15.0-1018.22
CPE2.3- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-143-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1114-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1102-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1099-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1091-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1085-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1071-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1018-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-4946-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
