Ubuntu update for linux-oem-5.14

1) Use-after-free

EUVDB-ID: #VU63816

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3760

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the NFC stack. A local user can trigger use-after-free error to escalate privileges on the system.

Mitigation

Update the affected package linux-oem-5.14 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04d (Ubuntu package): before 5.14.0.1008.8

linux-image-5.14.0-1008-oem (Ubuntu package): before 5.14.0-1008.8

CPE2.3

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.14.0-1008-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-5165-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Insufficient verification of data authenticity

EUVDB-ID: #VU63835

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-3772

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to insufficient verification of data authenticity in the Linux SCTP stack. A remote attacker can exploit this vulnerability to perform a denial of service attack.

Mitigation

Update the affected package linux-oem-5.14 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04d (Ubuntu package): before 5.14.0.1008.8

linux-image-5.14.0-1008-oem (Ubuntu package): before 5.14.0-1008.8

CPE2.3

• cpe:2.3:a:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.14.0-1008-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-5165-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU92411

Risk: Low

CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2021-42327

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to out-of-bounds write error. A local privileged user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-5.14 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04d (Ubuntu package): before 5.14.0.1008.8

linux-image-5.14.0-1008-oem (Ubuntu package): before 5.14.0-1008.8

CPE2.3

• cpe:2.3:a:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.14.0-1008-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-5165-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Buffer overflow

EUVDB-ID: #VU59474

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-42739

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary within the firewire subsystem in the Linux kernel in drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c files. A local privileged user can run a specially crafted program tat calls avc_ca_pmt() function to trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-5.14 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04d (Ubuntu package): before 5.14.0.1008.8

linux-image-5.14.0-1008-oem (Ubuntu package): before 5.14.0-1008.8

CPE2.3

• cpe:2.3:a:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.14.0-1008-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-5165-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Unchecked Return Value

EUVDB-ID: #VU63921

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-43056

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation error when handling SRR1 register values. A local user can perform a denial of service attack, when the host is running on Power8.

Mitigation

Update the affected package linux-oem-5.14 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04d (Ubuntu package): before 5.14.0.1008.8

linux-image-5.14.0-1008-oem (Ubuntu package): before 5.14.0-1008.8

CPE2.3

• cpe:2.3:a:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.14.0-1008-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-5165-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU58209

Risk: Medium

CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2021-43267

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in net/tipc/crypto.c in the Linux kernel. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

A remote attacker can send specially crafted MSG_CRYPTO messages to the affected system, trigger memory corruption and execute arbitrary code on the system.

Mitigation

Update the affected package linux-oem-5.14 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04d (Ubuntu package): before 5.14.0.1008.8

linux-image-5.14.0-1008-oem (Ubuntu package): before 5.14.0-1008.8

CPE2.3

• cpe:2.3:a:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.14.0-1008-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-5165-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Improper Validation of Array Index

EUVDB-ID: #VU63385

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-43389

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to improper validation of array index in the ISDN CAPI implementation within detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-5.14 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-oem-20.04d (Ubuntu package): before 5.14.0.1008.8

linux-image-5.14.0-1008-oem (Ubuntu package): before 5.14.0-1008.8

CPE2.3

• cpe:2.3:a:canonical:linux-image-oem-20.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:linux-image-5.14.0-1008-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-5165-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.