Ubuntu update for linux
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2021-34693 CVE-2021-3564 CVE-2021-3573 |
| CWE-ID | CWE-908 CWE-415 CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-raspi (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gkeop (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-81-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gke-5.4 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1042-raspi (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gke (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-raspi2 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-81-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-osp1 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1056-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1053-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gkeop-5.4 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1051-gke (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1022-gkeop (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1045-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-81-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1055-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1051-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-raspi-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-snapdragon-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Use of uninitialized resource
EUVDB-ID: #VU55263
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-34693
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-raspi (Ubuntu package): before 5.4.0.1042.77
linux-image-gkeop (Ubuntu package): before 5.4.0.1022.25
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1051.61
linux-image-lowlatency (Ubuntu package): before 5.4.0.81.85
linux-image-generic-lpae (Ubuntu package): before 5.4.0.81.85
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1053.53
linux-image-kvm (Ubuntu package): before 5.4.0.1045.44
linux-image-5.4.0-81-generic-lpae (Ubuntu package): before 5.4.0-81.91~18.04.1
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1051.54~18.04.16
linux-image-5.4.0-1042-raspi (Ubuntu package): before 5.4.0-1042.46~18.04.3
linux-image-gke (Ubuntu package): before 5.4.0.1051.61
linux-image-raspi2 (Ubuntu package): before 5.4.0.1042.77
linux-image-5.4.0-81-lowlatency (Ubuntu package): before 5.4.0-81.91~18.04.1
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.81.85
linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1055.58
linux-image-5.4.0-1056-azure (Ubuntu package): before 5.4.0-1056.58~18.04.1
linux-image-5.4.0-1053-oracle (Ubuntu package): before 5.4.0-1053.57~18.04.1
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1022.23~18.04.23
linux-image-5.4.0-1051-gke (Ubuntu package): before 5.4.0-1051.54~18.04.1
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1056.54
linux-image-5.4.0-1022-gkeop (Ubuntu package): before 5.4.0-1022.23~18.04.1
linux-image-5.4.0-1045-kvm (Ubuntu package): before 5.4.0-1045.47
linux-image-oem (Ubuntu package): before 5.4.0.81.85
linux-image-generic (Ubuntu package): before 5.4.0.81.85
linux-image-virtual (Ubuntu package): before 5.4.0.81.85
linux-image-5.4.0-81-generic (Ubuntu package): before 5.4.0-81.91~18.04.1
linux-image-5.4.0-1055-aws (Ubuntu package): before 5.4.0-1055.58~18.04.1
linux-image-5.4.0-1051-gcp (Ubuntu package): before 5.4.0-1051.55~18.04.1
linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1042.45
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-oracle (Ubuntu package): before 5.4.0.1053.57~18.04.33
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-gcp (Ubuntu package): before 5.4.0.1051.37
linux-image-azure (Ubuntu package): before 5.4.0.1056.36
linux-image-aws (Ubuntu package): before 5.4.0.1055.38
CPE2.3- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-81-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gke-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1042-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-81-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1056-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1053-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gkeop-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1051-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1022-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1045-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-81-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1055-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1051-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-raspi-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lpae-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5045-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Double Free
EUVDB-ID: #VU63660
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3564
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform a denial of service attack.
The vulnerability exists due to bluetooth subsystem in the Linux kernel does not properly handle HCI device detach events. An attacker with physical access to the system can trigger double free error and perform a denial of service attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-raspi (Ubuntu package): before 5.4.0.1042.77
linux-image-gkeop (Ubuntu package): before 5.4.0.1022.25
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1051.61
linux-image-lowlatency (Ubuntu package): before 5.4.0.81.85
linux-image-generic-lpae (Ubuntu package): before 5.4.0.81.85
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1053.53
linux-image-kvm (Ubuntu package): before 5.4.0.1045.44
linux-image-5.4.0-81-generic-lpae (Ubuntu package): before 5.4.0-81.91~18.04.1
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1051.54~18.04.16
linux-image-5.4.0-1042-raspi (Ubuntu package): before 5.4.0-1042.46~18.04.3
linux-image-gke (Ubuntu package): before 5.4.0.1051.61
linux-image-raspi2 (Ubuntu package): before 5.4.0.1042.77
linux-image-5.4.0-81-lowlatency (Ubuntu package): before 5.4.0-81.91~18.04.1
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.81.85
linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1055.58
linux-image-5.4.0-1056-azure (Ubuntu package): before 5.4.0-1056.58~18.04.1
linux-image-5.4.0-1053-oracle (Ubuntu package): before 5.4.0-1053.57~18.04.1
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1022.23~18.04.23
linux-image-5.4.0-1051-gke (Ubuntu package): before 5.4.0-1051.54~18.04.1
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1056.54
linux-image-5.4.0-1022-gkeop (Ubuntu package): before 5.4.0-1022.23~18.04.1
linux-image-5.4.0-1045-kvm (Ubuntu package): before 5.4.0-1045.47
linux-image-oem (Ubuntu package): before 5.4.0.81.85
linux-image-generic (Ubuntu package): before 5.4.0.81.85
linux-image-virtual (Ubuntu package): before 5.4.0.81.85
linux-image-5.4.0-81-generic (Ubuntu package): before 5.4.0-81.91~18.04.1
linux-image-5.4.0-1055-aws (Ubuntu package): before 5.4.0-1055.58~18.04.1
linux-image-5.4.0-1051-gcp (Ubuntu package): before 5.4.0-1051.55~18.04.1
linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1042.45
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-oracle (Ubuntu package): before 5.4.0.1053.57~18.04.33
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-gcp (Ubuntu package): before 5.4.0.1051.37
linux-image-azure (Ubuntu package): before 5.4.0.1056.36
linux-image-aws (Ubuntu package): before 5.4.0.1055.38
CPE2.3- cpe:2.3:a:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-81-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gke-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1042-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-81-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1056-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1053-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gkeop-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1051-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1022-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1045-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-81-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1055-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1051-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-raspi-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lpae-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5045-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU63662
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3573
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows local user to escalate their privileges on the system.
The vulnerability exists due to a use-after-free in hci_sock_bound_ioctl() function of the Linux kernel HCI subsystem triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user can use this flaw to crash the system or escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-raspi (Ubuntu package): before 5.4.0.1042.77
linux-image-gkeop (Ubuntu package): before 5.4.0.1022.25
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1051.61
linux-image-lowlatency (Ubuntu package): before 5.4.0.81.85
linux-image-generic-lpae (Ubuntu package): before 5.4.0.81.85
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1053.53
linux-image-kvm (Ubuntu package): before 5.4.0.1045.44
linux-image-5.4.0-81-generic-lpae (Ubuntu package): before 5.4.0-81.91~18.04.1
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1051.54~18.04.16
linux-image-5.4.0-1042-raspi (Ubuntu package): before 5.4.0-1042.46~18.04.3
linux-image-gke (Ubuntu package): before 5.4.0.1051.61
linux-image-raspi2 (Ubuntu package): before 5.4.0.1042.77
linux-image-5.4.0-81-lowlatency (Ubuntu package): before 5.4.0-81.91~18.04.1
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.81.85
linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1055.58
linux-image-5.4.0-1056-azure (Ubuntu package): before 5.4.0-1056.58~18.04.1
linux-image-5.4.0-1053-oracle (Ubuntu package): before 5.4.0-1053.57~18.04.1
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1022.23~18.04.23
linux-image-5.4.0-1051-gke (Ubuntu package): before 5.4.0-1051.54~18.04.1
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1056.54
linux-image-5.4.0-1022-gkeop (Ubuntu package): before 5.4.0-1022.23~18.04.1
linux-image-5.4.0-1045-kvm (Ubuntu package): before 5.4.0-1045.47
linux-image-oem (Ubuntu package): before 5.4.0.81.85
linux-image-generic (Ubuntu package): before 5.4.0.81.85
linux-image-virtual (Ubuntu package): before 5.4.0.81.85
linux-image-5.4.0-81-generic (Ubuntu package): before 5.4.0-81.91~18.04.1
linux-image-5.4.0-1055-aws (Ubuntu package): before 5.4.0-1055.58~18.04.1
linux-image-5.4.0-1051-gcp (Ubuntu package): before 5.4.0-1051.55~18.04.1
linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1042.45
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-oracle (Ubuntu package): before 5.4.0.1053.57~18.04.33
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.81.91~18.04.73
linux-image-gcp (Ubuntu package): before 5.4.0.1051.37
linux-image-azure (Ubuntu package): before 5.4.0.1056.36
linux-image-aws (Ubuntu package): before 5.4.0.1055.38
CPE2.3- cpe:2.3:a:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-81-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gke-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1042-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-raspi2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-81-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-osp1_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1056-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1053-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gkeop-5.4_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1051-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-azure-lts-20.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1022-gkeop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1045-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-81-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1055-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-5.4.0-1051-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-raspi-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-snapdragon-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lpae-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-hwe-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5045-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
