SB2021093042 - Ubuntu update for linux-raspi2

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021093042

SB2021093042 - Ubuntu update for linux-raspi2

Published: September 30, 2021

Security Bulletin ID SB2021093042
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2021-22543)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Linux kernel when handling VM_IO|VM_PFNMAP vmas in KVM. A local user can  can bypass RO checks and cause the pages to get freed while still accessible by the VMM and guest. As a result, an attacker with the ability to start and control a VM to read/write random pages of memory, can trigger memory corruption and execute arbitrary code with elevated privileges.



2) Resource exhaustion (CVE-ID: CVE-2021-3679)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to lack of CPU resource in the Linux kernel tracing module functionality when using trace ring buffer in a specific way. A privileged local user (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-3732)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in the way the user mounts the TmpFS filesystem with OverlayFS. A local user can gain access to hidden files that should not be accessible.


4) Use-after-free (CVE-ID: CVE-2021-38204)

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the drivers/usb/host/max3421-hcd.c in the Linux kernel. An attacker with physical access to the system can remove a MAX-3421 USB device to perform a denial of service attack.


5) Access of uninitialized pointer (CVE-ID: CVE-2021-38205)

The vulnerability allows a local user to manipulate data.

drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).


Remediation

Install update from vendor's website.

References