Ubuntu update for linux

Published: 2021-08-24

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2021-3564 CVE-2021-3573
CWE-ID	CWE-415 CWE-416
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Ubuntu Operating systems & Components / Operating system linux-image-oem (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gke (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-hwe-16.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-hwe-16.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-16.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws-hwe (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-snapdragon (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-raspi2 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-154-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-154-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-154-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1122-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1111-snapdragon (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1110-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1107-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1098-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1094-raspi2 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1079-oracle (Ubuntu package) Operating systems & Components / Operating system package or component
Vendor	Canonical Ltd.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Double Free

EUVDB-ID: #VU63660

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3564

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists due to bluetooth subsystem in the Linux kernel does not properly handle HCI device detach events. An attacker with physical access to the system can trigger double free error and perform a denial of service attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-oem (Ubuntu package): before 5.4.0.202.198

linux-image-oracle (Ubuntu package): before 6.8.0-1017.18~22.04.1

linux-image-gke (Ubuntu package): before 6.8.0-1015.19

linux-image-gcp (Ubuntu package): before 6.8.0-1019.21~22.04.1

linux-image-azure (Ubuntu package): before 6.8.0-1018.21~22.04.1

linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.210.193

linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.210.193

linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.210.193

linux-image-aws-hwe (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-virtual (Ubuntu package): before 4.15.0.154.143

linux-image-snapdragon (Ubuntu package): before 4.15.0.1111.114

linux-image-raspi2 (Ubuntu package): before 4.15.0.1094.92

linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1079.89

linux-image-lowlatency (Ubuntu package): before 4.15.0.154.143

linux-image-kvm (Ubuntu package): before 4.15.0.1098.94

linux-image-generic-lpae (Ubuntu package): before 4.15.0.154.143

linux-image-generic (Ubuntu package): before 4.15.0.154.143

linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1107.126

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1122.95

linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1110.113

linux-image-4.15.0-154-lowlatency (Ubuntu package): before 4.15.0-154.161

linux-image-4.15.0-154-generic-lpae (Ubuntu package): before 4.15.0-154.161

linux-image-4.15.0-154-generic (Ubuntu package): before 4.15.0-154.161

linux-image-4.15.0-1122-azure (Ubuntu package): before 4.15.0-1122.135

linux-image-4.15.0-1111-snapdragon (Ubuntu package): before 4.15.0-1111.120

linux-image-4.15.0-1110-aws (Ubuntu package): before 4.15.0-1110.117

linux-image-4.15.0-1107-gcp (Ubuntu package): before 4.15.0-1107.121

linux-image-4.15.0-1098-kvm (Ubuntu package): before 4.15.0-1098.100

linux-image-4.15.0-1094-raspi2 (Ubuntu package): before 4.15.0-1094.100

linux-image-4.15.0-1079-oracle (Ubuntu package): before 4.15.0-1079.87

CPE2.3

External links

https://ubuntu.com/security/notices/USN-5044-1

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU63662

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3573

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows local user to escalate their privileges on the system.

The vulnerability exists due to a use-after-free in hci_sock_bound_ioctl() function of the Linux kernel HCI subsystem triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user can use this flaw to crash the system or escalate privileges on the system.