Ubuntu update for linux-oem-5.13



Risk Low
Patch available YES
Number of vulnerabilities 15
CVE-ID CVE-2021-41073
CVE-2021-34556
CVE-2021-35477
CVE-2021-3612
CVE-2021-3679
CVE-2021-37159
CVE-2021-3732
CVE-2021-38166
CVE-2021-38199
CVE-2021-38201
CVE-2021-38202
CVE-2021-38203
CVE-2021-38204
CVE-2021-38205
CVE-2021-40490
CWE-ID CWE-269
CWE-200
CWE-203
CWE-787
CWE-400
CWE-415
CWE-264
CWE-125
CWE-362
CWE-667
CWE-416
CWE-824
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

linux-image-oem-20.04c (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-1014-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Improper Privilege Management

EUVDB-ID: #VU68300

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2021-41073

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management within the loop_rw_iter() function in fs/io_uring.c in Linux kernel. A local user can escalate privileges on the system by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Information disclosure

EUVDB-ID: #VU64203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-34556

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Observable discrepancy

EUVDB-ID: #VU92412

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-35477

CWE-ID: CWE-203 - Observable discrepancy

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to observable discrepancy error. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU55231

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3612

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in joystick devices subsystem in Linux kernel. A local user can make a specially crafted JSIOCSBTNMAP IOCTL call, trigger out-of-bounds write and execute arbitrary code with escalated privileges.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource exhaustion

EUVDB-ID: #VU63664

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3679

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to lack of CPU resource in the Linux kernel tracing module functionality when using trace ring buffer in a specific way. A privileged local user (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Double Free

EUVDB-ID: #VU63575

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-37159

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to hso_free_net_device() function in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state. A local user can trigger double free and use-after-free errors and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU74548

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3732

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in the way the user mounts the TmpFS filesystem with OverlayFS. A local user can gain access to hidden files that should not be accessible.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU90365

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-38166

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the kvmalloc() function in kernel/bpf/hashtab.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Race condition

EUVDB-ID: #VU61208

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-38199

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to fs/nfs/nfs4client.c in the Linux kernel has incorrect connection-setup ordering. A remote attacker with access to a remote NFSv4 server can perform a denial of service (DoS) attack by arranging the server to be unreachable during trunking detection.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU57137

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-38201

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the net/sunrpc/xdr.c in the Linux kernel. A remote user can perform multiple NFS 4.2 READ_PLUS operations and cause a denial of service attack.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU92754

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-38202

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper locking

EUVDB-ID: #VU92756

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-38203

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU63666

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-38204

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the drivers/usb/host/max3421-hcd.c in the Linux kernel. An attacker with physical access to the system can remove a MAX-3421 USB device to perform a denial of service attack.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Access of uninitialized pointer

EUVDB-ID: #VU92755

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-38205

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Race condition

EUVDB-ID: #VU63667

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-40490

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Update the affected package linux-oem-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04c (Ubuntu package): before 5.13.0.1014.18

linux-image-5.13.0-1014-oem (Ubuntu package): before 5.13.0-1014.18

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###