Kernelcare OVAL Generator
1
5.11.1
2023-07-10T00:02:19
CVE-2009-5155 on Ubuntu 20.04 LTS (focal) - negligible.
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
Update Instructions:
Run `sudo pro fix CVE-2009-5155` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.29-0ubuntu2
libc-bin - 2.29-0ubuntu2
libc6 - 2.29-0ubuntu2
libc6-amd64 - 2.29-0ubuntu2
libc6-armel - 2.29-0ubuntu2
libc6-i386 - 2.29-0ubuntu2
libc6-lse - 2.29-0ubuntu2
libc6-pic - 2.29-0ubuntu2
libc6-prof - 2.29-0ubuntu2
libc6-s390 - 2.29-0ubuntu2
libc6-x32 - 2.29-0ubuntu2
locales - 2.29-0ubuntu2
locales-all - 2.29-0ubuntu2
nscd - 2.29-0ubuntu2
No subscription required
git-merge-changelog - 20140202+stable-4
gnulib - 20140202+stable-4
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2019 Canonical Ltd.
2019-02-26
2019-02-26
https://sourceware.org/bugzilla/show_bug.cgi?id=11053
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238
https://sourceware.org/bugzilla/show_bug.cgi?id=18986
CVE-2009-5155
CVE-2015-8553 on Ubuntu 20.04 LTS (focal) - medium.
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.
Ubuntu 20.04 LTS
Medium
Copyright (C) 2016 Canonical Ltd.
2016-04-13
https://launchpad.net/bugs/1530958
CVE-2015-8553
mdeslaur> see version 5 of XSA-120 advisory for updates patches
sbeattie> deferring as it introduced problems with some QEMU setups. first fix is af6fc858a35b90e89ea7a7ee58e66628c55c776b; the regression fix doesn't seem to have made it upstream. description is incorrect, the incomplete fix is to CVE-2015-2150
CVE-2016-10228 on Ubuntu 20.04 LTS (focal) - negligible.
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2016-10228` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9.7
libc-bin - 2.31-0ubuntu9.7
libc6 - 2.31-0ubuntu9.7
libc6-amd64 - 2.31-0ubuntu9.7
libc6-armel - 2.31-0ubuntu9.7
libc6-i386 - 2.31-0ubuntu9.7
libc6-lse - 2.31-0ubuntu9.7
libc6-pic - 2.31-0ubuntu9.7
libc6-prof - 2.31-0ubuntu9.7
libc6-s390 - 2.31-0ubuntu9.7
libc6-x32 - 2.31-0ubuntu9.7
locales - 2.31-0ubuntu9.7
locales-all - 2.31-0ubuntu9.7
nscd - 2.31-0ubuntu9.7
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2017 Canonical Ltd.
2017-03-02
2017-03-02
Jan Engelhardt
https://sourceware.org/bugzilla/show_bug.cgi?id=19519
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856503
CVE-2016-10228
CVE-2016-10723 on Ubuntu 20.04 LTS (focal) - low.
** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle."
Update Instructions:
Run `sudo pro fix CVE-2016-10723` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2018 Canonical Ltd.
2018-06-21
CVE-2016-10723
tyhicks> 9bfe5ded054b8e28a94c78580f233d6879a00146 may be an incomplete fix; see the lore.kernel.org references above. As of 2019-01-24, we're deferring this issue since there's not a complete, low risk fix available
CVE-2016-10739 on Ubuntu 20.04 LTS (focal) - low.
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.
Update Instructions:
Run `sudo pro fix CVE-2016-10739` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.29-0ubuntu2
libc-bin - 2.29-0ubuntu2
libc6 - 2.29-0ubuntu2
libc6-amd64 - 2.29-0ubuntu2
libc6-armel - 2.29-0ubuntu2
libc6-i386 - 2.29-0ubuntu2
libc6-lse - 2.29-0ubuntu2
libc6-pic - 2.29-0ubuntu2
libc6-prof - 2.29-0ubuntu2
libc6-s390 - 2.29-0ubuntu2
libc6-x32 - 2.29-0ubuntu2
locales - 2.29-0ubuntu2
locales-all - 2.29-0ubuntu2
nscd - 2.29-0ubuntu2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-01-21
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920047
https://bugzilla.redhat.com/show_bug.cgi?id=1347549
https://sourceware.org/bugzilla/show_bug.cgi?id=20018
CVE-2016-10739
mdeslaur> glibc uses this internally to parse config files, fixing this may introduce unwanted regressions and changes in behaviour
leosilva> See CVE-2019-18348 for Python that is affected by this issue.
CVE-2016-2853 on Ubuntu 20.04 LTS (focal) - low.
The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namespaces, when mounted with the non-default allow_userns option set. A local attacker could use this to gain administrative privileges.
Ubuntu 20.04 LTS
Low
Copyright (C) 2016 Canonical Ltd.
2016-05-02
2016-05-02
https://launchpad.net/bugs/1547400
CVE-2016-2853
sbeattie> requires aufs module inserted with allow_userns option, which is not the default. fixed in upstream aufs on 2016-02-19, marking kernels that imported aufs branches after that as not-affected
CVE-2016-2854 on Ubuntu 20.04 LTS (focal) - low.
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
It was discovered that the aufs file system in the Linux kernel did not properly maintain POSIX ACL xattr data, when mounted with the non-default allow_userns option. A local attacker could possibly use this to gain elevated privileges.
Ubuntu 20.04 LTS
Low
Copyright (C) 2016 Canonical Ltd.
2016-05-02
2016-05-02
https://launchpad.net/bugs/1554262
CVE-2016-2854
sbeattie> requires aufs module inserted with allow_userns option, which is not the default in upstream aufs on 2016-02-19, marking kernels that imported aufs after that date as not-affected
CVE-2017-10911 on Ubuntu 20.04 LTS (focal) - medium.
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
Update Instructions:
Run `sudo pro fix CVE-2017-10911` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
qemu - 1:2.10+dfsg-0ubuntu1
qemu-block-extra - 1:2.10+dfsg-0ubuntu1
qemu-guest-agent - 1:2.10+dfsg-0ubuntu1
qemu-kvm - 1:2.10+dfsg-0ubuntu1
qemu-system - 1:2.10+dfsg-0ubuntu1
qemu-system-arm - 1:2.10+dfsg-0ubuntu1
qemu-system-common - 1:2.10+dfsg-0ubuntu1
qemu-system-data - 1:2.10+dfsg-0ubuntu1
qemu-system-gui - 1:2.10+dfsg-0ubuntu1
qemu-system-mips - 1:2.10+dfsg-0ubuntu1
qemu-system-misc - 1:2.10+dfsg-0ubuntu1
qemu-system-ppc - 1:2.10+dfsg-0ubuntu1
qemu-system-s390x - 1:2.10+dfsg-0ubuntu1
qemu-system-sparc - 1:2.10+dfsg-0ubuntu1
qemu-system-x86 - 1:2.10+dfsg-0ubuntu1
qemu-system-x86-microvm - 1:2.10+dfsg-0ubuntu1
qemu-system-x86-xen - 1:2.10+dfsg-0ubuntu1
qemu-user - 1:2.10+dfsg-0ubuntu1
qemu-user-binfmt - 1:2.10+dfsg-0ubuntu1
qemu-user-static - 1:2.10+dfsg-0ubuntu1
qemu-utils - 1:2.10+dfsg-0ubuntu1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2017 Canonical Ltd.
2017-07-04
2017-07-04
Anthony Perard
CVE-2017-10911
CVE-2017-12133 on Ubuntu 20.04 LTS (focal) - low.
Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
Update Instructions:
Run `sudo pro fix CVE-2017-12133` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.26-0ubuntu2
libc-bin - 2.26-0ubuntu2
libc6 - 2.26-0ubuntu2
libc6-amd64 - 2.26-0ubuntu2
libc6-armel - 2.26-0ubuntu2
libc6-i386 - 2.26-0ubuntu2
libc6-lse - 2.26-0ubuntu2
libc6-pic - 2.26-0ubuntu2
libc6-prof - 2.26-0ubuntu2
libc6-s390 - 2.26-0ubuntu2
libc6-x32 - 2.26-0ubuntu2
locales - 2.26-0ubuntu2
locales-all - 2.26-0ubuntu2
nscd - 2.26-0ubuntu2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2017 Canonical Ltd.
2017-09-07
2017-09-07
Florian Weimer
https://sourceware.org/bugzilla/show_bug.cgi?id=21115
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870648
CVE-2017-12133
chrisccoulson> The CVE description doesn't seem to match the description in the linked bug report and upstream patch
sbeattie> introduced in CVE-2016-4429 fix
CVE-2018-11236 on Ubuntu 20.04 LTS (focal) - medium.
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
Update Instructions:
Run `sudo pro fix CVE-2018-11236` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.28-0ubuntu1
libc-bin - 2.28-0ubuntu1
libc6 - 2.28-0ubuntu1
libc6-amd64 - 2.28-0ubuntu1
libc6-armel - 2.28-0ubuntu1
libc6-i386 - 2.28-0ubuntu1
libc6-lse - 2.28-0ubuntu1
libc6-pic - 2.28-0ubuntu1
libc6-prof - 2.28-0ubuntu1
libc6-s390 - 2.28-0ubuntu1
libc6-x32 - 2.28-0ubuntu1
locales - 2.28-0ubuntu1
locales-all - 2.28-0ubuntu1
nscd - 2.28-0ubuntu1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-05-18
2018-05-18
mdeslaur
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899071
https://sourceware.org/bugzilla/show_bug.cgi?id=22786
CVE-2018-11236
CVE-2018-1128 on Ubuntu 20.04 LTS (focal) - medium.
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Update Instructions:
Run `sudo pro fix CVE-2018-1128` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
ceph - 13.2.4+dfsg1-0ubuntu1
ceph-base - 13.2.4+dfsg1-0ubuntu1
ceph-common - 13.2.4+dfsg1-0ubuntu1
ceph-fuse - 13.2.4+dfsg1-0ubuntu1
ceph-immutable-object-cache - 13.2.4+dfsg1-0ubuntu1
ceph-mds - 13.2.4+dfsg1-0ubuntu1
ceph-mgr - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-cephadm - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-dashboard - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-diskprediction-cloud - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-diskprediction-local - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-k8sevents - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-modules-core - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-rook - 13.2.4+dfsg1-0ubuntu1
ceph-mon - 13.2.4+dfsg1-0ubuntu1
ceph-osd - 13.2.4+dfsg1-0ubuntu1
ceph-resource-agents - 13.2.4+dfsg1-0ubuntu1
cephadm - 13.2.4+dfsg1-0ubuntu1
cephfs-shell - 13.2.4+dfsg1-0ubuntu1
libcephfs-java - 13.2.4+dfsg1-0ubuntu1
libcephfs-jni - 13.2.4+dfsg1-0ubuntu1
libcephfs2 - 13.2.4+dfsg1-0ubuntu1
librados2 - 13.2.4+dfsg1-0ubuntu1
libradosstriper1 - 13.2.4+dfsg1-0ubuntu1
librbd1 - 13.2.4+dfsg1-0ubuntu1
librgw2 - 13.2.4+dfsg1-0ubuntu1
python3-ceph - 13.2.4+dfsg1-0ubuntu1
python3-ceph-argparse - 13.2.4+dfsg1-0ubuntu1
python3-ceph-common - 13.2.4+dfsg1-0ubuntu1
python3-cephfs - 13.2.4+dfsg1-0ubuntu1
python3-rados - 13.2.4+dfsg1-0ubuntu1
python3-rbd - 13.2.4+dfsg1-0ubuntu1
python3-rgw - 13.2.4+dfsg1-0ubuntu1
radosgw - 13.2.4+dfsg1-0ubuntu1
rbd-fuse - 13.2.4+dfsg1-0ubuntu1
rbd-mirror - 13.2.4+dfsg1-0ubuntu1
rbd-nbd - 13.2.4+dfsg1-0ubuntu1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-07-10
http://tracker.ceph.com/issues/24836
https://bugzilla.redhat.com/show_bug.cgi?id=1575866
CVE-2018-1128
CVE-2018-1129 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Update Instructions:
Run `sudo pro fix CVE-2018-1129` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
ceph - 13.2.4+dfsg1-0ubuntu1
ceph-base - 13.2.4+dfsg1-0ubuntu1
ceph-common - 13.2.4+dfsg1-0ubuntu1
ceph-fuse - 13.2.4+dfsg1-0ubuntu1
ceph-immutable-object-cache - 13.2.4+dfsg1-0ubuntu1
ceph-mds - 13.2.4+dfsg1-0ubuntu1
ceph-mgr - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-cephadm - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-dashboard - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-diskprediction-cloud - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-diskprediction-local - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-k8sevents - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-modules-core - 13.2.4+dfsg1-0ubuntu1
ceph-mgr-rook - 13.2.4+dfsg1-0ubuntu1
ceph-mon - 13.2.4+dfsg1-0ubuntu1
ceph-osd - 13.2.4+dfsg1-0ubuntu1
ceph-resource-agents - 13.2.4+dfsg1-0ubuntu1
cephadm - 13.2.4+dfsg1-0ubuntu1
cephfs-shell - 13.2.4+dfsg1-0ubuntu1
libcephfs-java - 13.2.4+dfsg1-0ubuntu1
libcephfs-jni - 13.2.4+dfsg1-0ubuntu1
libcephfs2 - 13.2.4+dfsg1-0ubuntu1
librados2 - 13.2.4+dfsg1-0ubuntu1
libradosstriper1 - 13.2.4+dfsg1-0ubuntu1
librbd1 - 13.2.4+dfsg1-0ubuntu1
librgw2 - 13.2.4+dfsg1-0ubuntu1
python3-ceph - 13.2.4+dfsg1-0ubuntu1
python3-ceph-argparse - 13.2.4+dfsg1-0ubuntu1
python3-ceph-common - 13.2.4+dfsg1-0ubuntu1
python3-cephfs - 13.2.4+dfsg1-0ubuntu1
python3-rados - 13.2.4+dfsg1-0ubuntu1
python3-rbd - 13.2.4+dfsg1-0ubuntu1
python3-rgw - 13.2.4+dfsg1-0ubuntu1
radosgw - 13.2.4+dfsg1-0ubuntu1
rbd-fuse - 13.2.4+dfsg1-0ubuntu1
rbd-mirror - 13.2.4+dfsg1-0ubuntu1
rbd-nbd - 13.2.4+dfsg1-0ubuntu1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-07-10
http://tracker.ceph.com/issues/24837
https://bugzilla.redhat.com/show_bug.cgi?id=1576057
CVE-2018-1129
CVE-2018-12126 on Ubuntu 20.04 LTS (focal) - high.
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2018-12126` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
intel-microcode - 3.20190514.0ubuntu1
No subscription required
libnss-libvirt - 5.0.0-1ubuntu4
libvirt-clients - 5.0.0-1ubuntu4
libvirt-daemon - 5.0.0-1ubuntu4
libvirt-daemon-driver-lxc - 5.0.0-1ubuntu4
libvirt-daemon-driver-qemu - 5.0.0-1ubuntu4
libvirt-daemon-driver-storage-gluster - 5.0.0-1ubuntu4
libvirt-daemon-driver-storage-rbd - 5.0.0-1ubuntu4
libvirt-daemon-driver-storage-zfs - 5.0.0-1ubuntu4
libvirt-daemon-driver-vbox - 5.0.0-1ubuntu4
libvirt-daemon-driver-xen - 5.0.0-1ubuntu4
libvirt-daemon-system - 5.0.0-1ubuntu4
libvirt-daemon-system-systemd - 5.0.0-1ubuntu4
libvirt-daemon-system-sysv - 5.0.0-1ubuntu4
libvirt-sanlock - 5.0.0-1ubuntu4
libvirt-wireshark - 5.0.0-1ubuntu4
libvirt0 - 5.0.0-1ubuntu4
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
qemu - 1:3.1+dfsg-2ubuntu4
qemu-block-extra - 1:3.1+dfsg-2ubuntu4
qemu-guest-agent - 1:3.1+dfsg-2ubuntu4
qemu-kvm - 1:3.1+dfsg-2ubuntu4
qemu-system - 1:3.1+dfsg-2ubuntu4
qemu-system-arm - 1:3.1+dfsg-2ubuntu4
qemu-system-common - 1:3.1+dfsg-2ubuntu4
qemu-system-data - 1:3.1+dfsg-2ubuntu4
qemu-system-gui - 1:3.1+dfsg-2ubuntu4
qemu-system-mips - 1:3.1+dfsg-2ubuntu4
qemu-system-misc - 1:3.1+dfsg-2ubuntu4
qemu-system-ppc - 1:3.1+dfsg-2ubuntu4
qemu-system-s390x - 1:3.1+dfsg-2ubuntu4
qemu-system-sparc - 1:3.1+dfsg-2ubuntu4
qemu-system-x86 - 1:3.1+dfsg-2ubuntu4
qemu-system-x86-microvm - 1:3.1+dfsg-2ubuntu4
qemu-system-x86-xen - 1:3.1+dfsg-2ubuntu4
qemu-user - 1:3.1+dfsg-2ubuntu4
qemu-user-binfmt - 1:3.1+dfsg-2ubuntu4
qemu-user-static - 1:3.1+dfsg-2ubuntu4
qemu-utils - 1:3.1+dfsg-2ubuntu4
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2019 Canonical Ltd.
2019-05-14
2019-05-14
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom
2019-05-14
CVE-2018-12126
CVE-2018-12127 on Ubuntu 20.04 LTS (focal) - high.
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2018-12127` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
intel-microcode - 3.20190514.0ubuntu1
No subscription required
libnss-libvirt - 5.0.0-1ubuntu4
libvirt-clients - 5.0.0-1ubuntu4
libvirt-daemon - 5.0.0-1ubuntu4
libvirt-daemon-driver-lxc - 5.0.0-1ubuntu4
libvirt-daemon-driver-qemu - 5.0.0-1ubuntu4
libvirt-daemon-driver-storage-gluster - 5.0.0-1ubuntu4
libvirt-daemon-driver-storage-rbd - 5.0.0-1ubuntu4
libvirt-daemon-driver-storage-zfs - 5.0.0-1ubuntu4
libvirt-daemon-driver-vbox - 5.0.0-1ubuntu4
libvirt-daemon-driver-xen - 5.0.0-1ubuntu4
libvirt-daemon-system - 5.0.0-1ubuntu4
libvirt-daemon-system-systemd - 5.0.0-1ubuntu4
libvirt-daemon-system-sysv - 5.0.0-1ubuntu4
libvirt-sanlock - 5.0.0-1ubuntu4
libvirt-wireshark - 5.0.0-1ubuntu4
libvirt0 - 5.0.0-1ubuntu4
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
qemu - 1:3.1+dfsg-2ubuntu4
qemu-block-extra - 1:3.1+dfsg-2ubuntu4
qemu-guest-agent - 1:3.1+dfsg-2ubuntu4
qemu-kvm - 1:3.1+dfsg-2ubuntu4
qemu-system - 1:3.1+dfsg-2ubuntu4
qemu-system-arm - 1:3.1+dfsg-2ubuntu4
qemu-system-common - 1:3.1+dfsg-2ubuntu4
qemu-system-data - 1:3.1+dfsg-2ubuntu4
qemu-system-gui - 1:3.1+dfsg-2ubuntu4
qemu-system-mips - 1:3.1+dfsg-2ubuntu4
qemu-system-misc - 1:3.1+dfsg-2ubuntu4
qemu-system-ppc - 1:3.1+dfsg-2ubuntu4
qemu-system-s390x - 1:3.1+dfsg-2ubuntu4
qemu-system-sparc - 1:3.1+dfsg-2ubuntu4
qemu-system-x86 - 1:3.1+dfsg-2ubuntu4
qemu-system-x86-microvm - 1:3.1+dfsg-2ubuntu4
qemu-system-x86-xen - 1:3.1+dfsg-2ubuntu4
qemu-user - 1:3.1+dfsg-2ubuntu4
qemu-user-binfmt - 1:3.1+dfsg-2ubuntu4
qemu-user-static - 1:3.1+dfsg-2ubuntu4
qemu-utils - 1:3.1+dfsg-2ubuntu4
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2019 Canonical Ltd.
2019-05-14
2019-05-14
Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida
2019-05-14
CVE-2018-12127
CVE-2018-12130 on Ubuntu 20.04 LTS (focal) - high.
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2018-12130` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
intel-microcode - 3.20190514.0ubuntu1
No subscription required
libnss-libvirt - 5.0.0-1ubuntu4
libvirt-clients - 5.0.0-1ubuntu4
libvirt-daemon - 5.0.0-1ubuntu4
libvirt-daemon-driver-lxc - 5.0.0-1ubuntu4
libvirt-daemon-driver-qemu - 5.0.0-1ubuntu4
libvirt-daemon-driver-storage-gluster - 5.0.0-1ubuntu4
libvirt-daemon-driver-storage-rbd - 5.0.0-1ubuntu4
libvirt-daemon-driver-storage-zfs - 5.0.0-1ubuntu4
libvirt-daemon-driver-vbox - 5.0.0-1ubuntu4
libvirt-daemon-driver-xen - 5.0.0-1ubuntu4
libvirt-daemon-system - 5.0.0-1ubuntu4
libvirt-daemon-system-systemd - 5.0.0-1ubuntu4
libvirt-daemon-system-sysv - 5.0.0-1ubuntu4
libvirt-sanlock - 5.0.0-1ubuntu4
libvirt-wireshark - 5.0.0-1ubuntu4
libvirt0 - 5.0.0-1ubuntu4
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
qemu - 1:3.1+dfsg-2ubuntu4
qemu-block-extra - 1:3.1+dfsg-2ubuntu4
qemu-guest-agent - 1:3.1+dfsg-2ubuntu4
qemu-kvm - 1:3.1+dfsg-2ubuntu4
qemu-system - 1:3.1+dfsg-2ubuntu4
qemu-system-arm - 1:3.1+dfsg-2ubuntu4
qemu-system-common - 1:3.1+dfsg-2ubuntu4
qemu-system-data - 1:3.1+dfsg-2ubuntu4
qemu-system-gui - 1:3.1+dfsg-2ubuntu4
qemu-system-mips - 1:3.1+dfsg-2ubuntu4
qemu-system-misc - 1:3.1+dfsg-2ubuntu4
qemu-system-ppc - 1:3.1+dfsg-2ubuntu4
qemu-system-s390x - 1:3.1+dfsg-2ubuntu4
qemu-system-sparc - 1:3.1+dfsg-2ubuntu4
qemu-system-x86 - 1:3.1+dfsg-2ubuntu4
qemu-system-x86-microvm - 1:3.1+dfsg-2ubuntu4
qemu-system-x86-xen - 1:3.1+dfsg-2ubuntu4
qemu-user - 1:3.1+dfsg-2ubuntu4
qemu-user-binfmt - 1:3.1+dfsg-2ubuntu4
qemu-user-static - 1:3.1+dfsg-2ubuntu4
qemu-utils - 1:3.1+dfsg-2ubuntu4
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2019 Canonical Ltd.
2019-05-14
2019-05-14
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss
2019-05-14
CVE-2018-12130
CVE-2018-12207 on Ubuntu 20.04 LTS (focal) - high.
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash).
Update Instructions:
Run `sudo pro fix CVE-2018-12207` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
libxencall1 - 4.11.3+24-g14b62ab3e5-1ubuntu2
libxendevicemodel1 - 4.11.3+24-g14b62ab3e5-1ubuntu2
libxenevtchn1 - 4.11.3+24-g14b62ab3e5-1ubuntu2
libxenforeignmemory1 - 4.11.3+24-g14b62ab3e5-1ubuntu2
libxengnttab1 - 4.11.3+24-g14b62ab3e5-1ubuntu2
libxenmisc4.11 - 4.11.3+24-g14b62ab3e5-1ubuntu2
libxenstore3.0 - 4.11.3+24-g14b62ab3e5-1ubuntu2
libxentoolcore1 - 4.11.3+24-g14b62ab3e5-1ubuntu2
libxentoollog1 - 4.11.3+24-g14b62ab3e5-1ubuntu2
xen-hypervisor-4.11-amd64 - 4.11.3+24-g14b62ab3e5-1ubuntu2
xen-hypervisor-4.11-arm64 - 4.11.3+24-g14b62ab3e5-1ubuntu2
xen-hypervisor-4.11-armhf - 4.11.3+24-g14b62ab3e5-1ubuntu2
xen-hypervisor-4.9-amd64 - 4.11.3+24-g14b62ab3e5-1ubuntu2
xen-hypervisor-4.9-arm64 - 4.11.3+24-g14b62ab3e5-1ubuntu2
xen-hypervisor-4.9-armhf - 4.11.3+24-g14b62ab3e5-1ubuntu2
xen-hypervisor-common - 4.11.3+24-g14b62ab3e5-1ubuntu2
xen-system-amd64 - 4.11.3+24-g14b62ab3e5-1ubuntu2
xen-system-arm64 - 4.11.3+24-g14b62ab3e5-1ubuntu2
xen-system-armhf - 4.11.3+24-g14b62ab3e5-1ubuntu2
xen-utils-4.11 - 4.11.3+24-g14b62ab3e5-1ubuntu2
xen-utils-common - 4.11.3+24-g14b62ab3e5-1ubuntu2
xenstore-utils - 4.11.3+24-g14b62ab3e5-1ubuntu2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2019 Canonical Ltd.
2019-11-12
2019-11-12
Deepak Gupta
2019-11-12
CVE-2018-12207
tyhicks> This issue only affects processors manufactured by Intel that support Extended Page Tables (EPT)
CVE-2018-25020 on Ubuntu 20.04 LTS (focal) - medium.
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.
Update Instructions:
Run `sudo pro fix CVE-2018-25020` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-08
CVE-2018-25020
CVE-2018-3639 on Ubuntu 20.04 LTS (focal) - medium.
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory.
Update Instructions:
Run `sudo pro fix CVE-2018-3639` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
intel-microcode - 3.20180807a.1
No subscription required
libnss-libvirt - 4.0.0-1ubuntu11
libvirt-clients - 4.0.0-1ubuntu11
libvirt-daemon - 4.0.0-1ubuntu11
libvirt-daemon-driver-lxc - 4.0.0-1ubuntu11
libvirt-daemon-driver-qemu - 4.0.0-1ubuntu11
libvirt-daemon-driver-storage-gluster - 4.0.0-1ubuntu11
libvirt-daemon-driver-storage-rbd - 4.0.0-1ubuntu11
libvirt-daemon-driver-storage-zfs - 4.0.0-1ubuntu11
libvirt-daemon-driver-vbox - 4.0.0-1ubuntu11
libvirt-daemon-driver-xen - 4.0.0-1ubuntu11
libvirt-daemon-system - 4.0.0-1ubuntu11
libvirt-daemon-system-systemd - 4.0.0-1ubuntu11
libvirt-daemon-system-sysv - 4.0.0-1ubuntu11
libvirt-sanlock - 4.0.0-1ubuntu11
libvirt-wireshark - 4.0.0-1ubuntu11
libvirt0 - 4.0.0-1ubuntu11
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
qemu - 1:2.11+dfsg-1ubuntu10
qemu-block-extra - 1:2.11+dfsg-1ubuntu10
qemu-guest-agent - 1:2.11+dfsg-1ubuntu10
qemu-kvm - 1:2.11+dfsg-1ubuntu10
qemu-system - 1:2.11+dfsg-1ubuntu10
qemu-system-arm - 1:2.11+dfsg-1ubuntu10
qemu-system-common - 1:2.11+dfsg-1ubuntu10
qemu-system-data - 1:2.11+dfsg-1ubuntu10
qemu-system-gui - 1:2.11+dfsg-1ubuntu10
qemu-system-mips - 1:2.11+dfsg-1ubuntu10
qemu-system-misc - 1:2.11+dfsg-1ubuntu10
qemu-system-ppc - 1:2.11+dfsg-1ubuntu10
qemu-system-s390x - 1:2.11+dfsg-1ubuntu10
qemu-system-sparc - 1:2.11+dfsg-1ubuntu10
qemu-system-x86 - 1:2.11+dfsg-1ubuntu10
qemu-system-x86-microvm - 1:2.11+dfsg-1ubuntu10
qemu-system-x86-xen - 1:2.11+dfsg-1ubuntu10
qemu-user - 1:2.11+dfsg-1ubuntu10
qemu-user-binfmt - 1:2.11+dfsg-1ubuntu10
qemu-user-static - 1:2.11+dfsg-1ubuntu10
qemu-utils - 1:2.11+dfsg-1ubuntu10
No subscription required
libxencall1 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
libxendevicemodel1 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
libxenevtchn1 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
libxenforeignmemory1 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
libxengnttab1 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
libxenmisc4.11 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
libxenstore3.0 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
libxentoolcore1 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
libxentoollog1 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xen-hypervisor-4.11-amd64 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xen-hypervisor-4.11-arm64 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xen-hypervisor-4.11-armhf - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xen-hypervisor-4.9-amd64 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xen-hypervisor-4.9-arm64 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xen-hypervisor-4.9-armhf - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xen-hypervisor-common - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xen-system-amd64 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xen-system-arm64 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xen-system-armhf - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xen-utils-4.11 - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xen-utils-common - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
xenstore-utils - 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-05-21
2018-05-21
Jann Horn and Ken Johnson
2018-05-21
CVE-2018-3639
tyhicks> "Variant 4" The break-fix lines for this CVE are not complete since a large number of patches are required to mitigate this issue. The commit(s) listed are chosen as placeholders for automated CVE triage purposes.
CVE-2019-0146 on Ubuntu 20.04 LTS (focal) - low.
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.
Update Instructions:
Run `sudo pro fix CVE-2019-0146` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-14
CVE-2019-0146
cascardo> some of these likely belong to CVE-2019-0149
CVE-2019-11091 on Ubuntu 20.04 LTS (focal) - medium.
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodymyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2019-11091` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
intel-microcode - 3.20190514.0ubuntu1
No subscription required
libnss-libvirt - 5.0.0-1ubuntu4
libvirt-clients - 5.0.0-1ubuntu4
libvirt-daemon - 5.0.0-1ubuntu4
libvirt-daemon-driver-lxc - 5.0.0-1ubuntu4
libvirt-daemon-driver-qemu - 5.0.0-1ubuntu4
libvirt-daemon-driver-storage-gluster - 5.0.0-1ubuntu4
libvirt-daemon-driver-storage-rbd - 5.0.0-1ubuntu4
libvirt-daemon-driver-storage-zfs - 5.0.0-1ubuntu4
libvirt-daemon-driver-vbox - 5.0.0-1ubuntu4
libvirt-daemon-driver-xen - 5.0.0-1ubuntu4
libvirt-daemon-system - 5.0.0-1ubuntu4
libvirt-daemon-system-systemd - 5.0.0-1ubuntu4
libvirt-daemon-system-sysv - 5.0.0-1ubuntu4
libvirt-sanlock - 5.0.0-1ubuntu4
libvirt-wireshark - 5.0.0-1ubuntu4
libvirt0 - 5.0.0-1ubuntu4
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
qemu - 1:3.1+dfsg-2ubuntu4
qemu-block-extra - 1:3.1+dfsg-2ubuntu4
qemu-guest-agent - 1:3.1+dfsg-2ubuntu4
qemu-kvm - 1:3.1+dfsg-2ubuntu4
qemu-system - 1:3.1+dfsg-2ubuntu4
qemu-system-arm - 1:3.1+dfsg-2ubuntu4
qemu-system-common - 1:3.1+dfsg-2ubuntu4
qemu-system-data - 1:3.1+dfsg-2ubuntu4
qemu-system-gui - 1:3.1+dfsg-2ubuntu4
qemu-system-mips - 1:3.1+dfsg-2ubuntu4
qemu-system-misc - 1:3.1+dfsg-2ubuntu4
qemu-system-ppc - 1:3.1+dfsg-2ubuntu4
qemu-system-s390x - 1:3.1+dfsg-2ubuntu4
qemu-system-sparc - 1:3.1+dfsg-2ubuntu4
qemu-system-x86 - 1:3.1+dfsg-2ubuntu4
qemu-system-x86-microvm - 1:3.1+dfsg-2ubuntu4
qemu-system-x86-xen - 1:3.1+dfsg-2ubuntu4
qemu-user - 1:3.1+dfsg-2ubuntu4
qemu-user-binfmt - 1:3.1+dfsg-2ubuntu4
qemu-user-static - 1:3.1+dfsg-2ubuntu4
qemu-utils - 1:3.1+dfsg-2ubuntu4
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-05-14
2019-05-14
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodymyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida
2019-05-14
CVE-2019-11091
CVE-2019-15213 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-08-19
https://bugzilla.kernel.org/show_bug.cgi?id=204597
https://bugzilla.suse.com/show_bug.cgi?id=1146544
CVE-2019-15213
tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system. Ben Hutchings noticed that commit 6cf97230cd5f ("media: dvb: usb: fix use after free in dvb_usb_device_exit"), which is mentioned in the CVE references for this issue, likely doesn't fix the problem. See the lore reference above for details. I think Ben is correct and have adjusted our break-fix metadata to use the break commit that he pointed out.
sbeattie> unfixed upstream as of 2022-01-27
CVE-2019-1563 on Ubuntu 20.04 LTS (focal) - low.
In situations where an attacker receives automated notification of the success or failure of a decryption attempt, the attacker can, after sending a very large number of messages to be decrypted, recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they pass a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
Update Instructions:
Run `sudo pro fix CVE-2019-1563` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
ovmf - 0~20191122.bd85bf54-2
qemu-efi - 0~20191122.bd85bf54-2
qemu-efi-aarch64 - 0~20191122.bd85bf54-2
qemu-efi-arm - 0~20191122.bd85bf54-2
No subscription required
libssl1.1 - 1.1.1d-2ubuntu1
openssl - 1.1.1d-2ubuntu1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-10
2019-09-10
Bernd Edlinger
CVE-2019-1563
CVE-2019-19074 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19074` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19074
CVE-2019-19448 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. It was discovered that the btrfs file system in the Linux kernel contained a use-after-free vulnerability when merging free space. An attacker could use this to construct a malicious btrfs image that, when mounted and operated on, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-19448` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-48.52
linux-image-5.4.0-153-generic-lpae - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-generic - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-48.52
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1024.24
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1019.21
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-34.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-48.52
linux-image-5.4.0-105-lowlatency - 5.4.0-48.52
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1025.25
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1026.26
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1024.24
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-08
2019-12-08
https://bugzilla.suse.com/show_bug.cgi?id=1158820
CVE-2019-19448
tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted
sbeattie> it's asserted that the btrfs enhanced tree-checker should address this issue; this was backported to at least the 4.15 kernels.
CVE-2019-19449 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated). It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-19449` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-90.101
linux-image-5.4.0-153-generic-lpae - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-generic - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-90.101
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1021.24
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1007.8
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-90.101
linux-image-5.4.0-105-lowlatency - 5.4.0-90.101
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1059.62
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1063.66
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1055.58
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1007.8
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1049.51
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-08
2019-12-08
CVE-2019-19449
tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted
CVE-2019-19770 on Ubuntu 20.04 LTS (focal) - low.
** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs; instead, this is an issue with misuse of debugfs within blktrace. It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-19770` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-51.56
linux-image-5.4.0-153-generic-lpae - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-generic - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-51.56
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1026.27
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-36.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-51.56
linux-image-5.4.0-105-lowlatency - 5.4.0-51.56
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1028.29
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1031.32
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1026.27
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-12
2019-12-12
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1904471
CVE-2019-19770
sbeattie> reproducer in github link
according to kernel maintainer, needed commits are:
(1b0b28364816) blktrace: break out of blktrace setup on concurrent calls
(c3dbe541ef77) blktrace: Avoid sparse warnings when assigning q->blk_trace
(a67549c8e568) blktrace: annotate required lock on do_blk_trace_setup()
(bad8e64fb19d) blktrace: fix debugfs use after free
(b431ef837e33) blktrace: ensure our debugfs dir exists
CVE-2019-20382 on Ubuntu 20.04 LTS (focal) - low.
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
Update Instructions:
Run `sudo pro fix CVE-2019-20382` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu1
qemu-block-extra - 1:4.2-3ubuntu1
qemu-guest-agent - 1:4.2-3ubuntu1
qemu-kvm - 1:4.2-3ubuntu1
qemu-system - 1:4.2-3ubuntu1
qemu-system-arm - 1:4.2-3ubuntu1
qemu-system-common - 1:4.2-3ubuntu1
qemu-system-data - 1:4.2-3ubuntu1
qemu-system-gui - 1:4.2-3ubuntu1
qemu-system-mips - 1:4.2-3ubuntu1
qemu-system-misc - 1:4.2-3ubuntu1
qemu-system-ppc - 1:4.2-3ubuntu1
qemu-system-s390x - 1:4.2-3ubuntu1
qemu-system-sparc - 1:4.2-3ubuntu1
qemu-system-x86 - 1:4.2-3ubuntu1
qemu-system-x86-microvm - 1:4.2-3ubuntu1
qemu-system-x86-xen - 1:4.2-3ubuntu1
qemu-user - 1:4.2-3ubuntu1
qemu-user-binfmt - 1:4.2-3ubuntu1
qemu-user-static - 1:4.2-3ubuntu1
qemu-utils - 1:4.2-3ubuntu1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-03-05
2020-03-05
mdeslaur
CVE-2019-20382
CVE-2019-25013 on Ubuntu 20.04 LTS (focal) - low.
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
Update Instructions:
Run `sudo pro fix CVE-2019-25013` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9.7
libc-bin - 2.31-0ubuntu9.7
libc6 - 2.31-0ubuntu9.7
libc6-amd64 - 2.31-0ubuntu9.7
libc6-armel - 2.31-0ubuntu9.7
libc6-i386 - 2.31-0ubuntu9.7
libc6-lse - 2.31-0ubuntu9.7
libc6-pic - 2.31-0ubuntu9.7
libc6-prof - 2.31-0ubuntu9.7
libc6-s390 - 2.31-0ubuntu9.7
libc6-x32 - 2.31-0ubuntu9.7
locales - 2.31-0ubuntu9.7
locales-all - 2.31-0ubuntu9.7
nscd - 2.31-0ubuntu9.7
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-01-04
2021-01-04
Arjun Shankar
https://sourceware.org/bugzilla/show_bug.cgi?id=24973
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979273
CVE-2019-25013
CVE-2019-7308 on Ubuntu 20.04 LTS (focal) - medium.
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2019-7308` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-02-01
2019-02-01
Jann Horn
https://bugs.chromium.org/p/project-zero/issues/detail?id=1711
CVE-2019-7308
tyhicks> Mitigation for this vulnerability is available by setting the kernel.unprivileged_bpf_disabled sysctl to 1:
$ sudo sysctl kernel.unprivileged_bpf_disabled=1
$ echo kernel.unprivileged_bpf_disabled=1 | \
    sudo tee /etc/sysctl.d/90-CVE-2019-7308.conf
This issue is mitigated on systems that use secure boot, thanks to the kernel lockdown feature which blocks BPF program loading.
CVE-2020-0423 on Ubuntu 20.04 LTS (focal) - low.
In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-161151868. References: N/A. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-0423` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-37.42
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-10-14
2020-10-14
CVE-2020-0423
sbeattie> The binder module is enabled in Ubuntu kernels but not loaded by default. Systems without binder loaded should not be vulnerable.
CVE-2020-0465 on Ubuntu 20.04 LTS (focal) - medium.
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-162844689. References: Upstream kernel. It was discovered that the HID multitouch implementation within the Linux kernel did not properly validate input events in some situations. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-0465` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-51.56
linux-image-5.4.0-153-generic-lpae - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-generic - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-51.56
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1026.27
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1021.24
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-51.56
linux-image-5.4.0-105-lowlatency - 5.4.0-51.56
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1028.29
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1031.32
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1026.27
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-12-14
2020-12-14
CVE-2020-0465
CVE-2020-0466 on Ubuntu 20.04 LTS (focal) - medium.
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-147802478. References: Upstream kernel. It was discovered that the eventpoll (aka epoll) implementation in the Linux kernel contained a logic error that could lead to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-0466` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-51.56
linux-image-5.4.0-153-generic-lpae - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-generic - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-51.56
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1026.27
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1021.24
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-51.56
linux-image-5.4.0-105-lowlatency - 5.4.0-51.56
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1028.29
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1031.32
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1026.27
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-12-14
2020-12-14
CVE-2020-0466
CVE-2020-0543 on Ubuntu 20.04 LTS (focal) - medium.
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-0543` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
intel-microcode - 3.20200609.0ubuntu0.20.04.0
No subscription required
libxencall1 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxendevicemodel1 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxenevtchn1 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxenforeignmemory1 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxengnttab1 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxenmisc4.11 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxenstore3.0 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxentoolcore1 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxentoollog1 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.11-amd64 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.11-arm64 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.11-armhf - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.9-amd64 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.9-arm64 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.9-armhf - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-common - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-system-amd64 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-system-arm64 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-system-armhf - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-utils-4.11 - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-utils-common - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xenstore-utils - 4.11.3+24-g14b62ab3e5-1ubuntu2.3
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-06-09
2020-06-09
sbeattie
2020-06-09
CVE-2020-0543
tyhicks> This issue only affects Intel client and Xeon E3 processors
sbeattie> also known as "CrossTalk"
sbeattie> Affected processor families:
=============  ============  ========
common name    Family_Model  Stepping
=============  ============  ========
IvyBridge      06_3AH        All
Haswell        06_3CH        All
Haswell_L      06_45H        All
Haswell_G      06_46H        All
Broadwell_G    06_47H        All
Broadwell      06_3DH        All
Skylake_L      06_4EH        All
Skylake        06_5EH        All
Kabylake_L     06_8EH        <= 0xC
Kabylake       06_9EH        <= 0xD
=============  ============  ========
CVE-2020-10029 on Ubuntu 20.04 LTS (focal) - low.
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
Update Instructions:
Run `sudo pro fix CVE-2020-10029` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9
libc-bin - 2.31-0ubuntu9
libc6 - 2.31-0ubuntu9
libc6-amd64 - 2.31-0ubuntu9
libc6-armel - 2.31-0ubuntu9
libc6-i386 - 2.31-0ubuntu9
libc6-lse - 2.31-0ubuntu9
libc6-pic - 2.31-0ubuntu9
libc6-prof - 2.31-0ubuntu9
libc6-s390 - 2.31-0ubuntu9
libc6-x32 - 2.31-0ubuntu9
locales - 2.31-0ubuntu9
locales-all - 2.31-0ubuntu9
nscd - 2.31-0ubuntu9
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-03-04
2020-03-04
https://sourceware.org/bugzilla/show_bug.cgi?id=25487
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953108
CVE-2020-10029
CVE-2020-10135 on Ubuntu 20.04 LTS (focal) - medium.
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device.
Update Instructions:
Run `sudo pro fix CVE-2020-10135` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-37.42
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-05-19
2020-05-19
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen
CVE-2020-10135
CVE-2020-10756 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
Update Instructions:
Run `sudo pro fix CVE-2020-10756` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libslirp0 - 4.1.0-2ubuntu2.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-07-09
2020-07-09
Ziming Zhang and VictorV
https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
CVE-2020-10756
CVE-2020-10781 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. Luca Bruno discovered that the zram module in the Linux kernel did not properly restrict unprivileged users from accessing the hot_add sysfs file. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2020-10781` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1023.23
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-06-18
2020-06-18
Luca Bruno
https://bugzilla.redhat.com/show_bug.cgi?id=1847832
CVE-2020-10781
sbeattie> zram module is not loaded by default, but is enabled.
CVE-2020-11935 on Ubuntu 20.04 LTS (focal) - medium.
It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack. Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-11935` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-42.46
linux-image-5.4.0-153-generic-lpae - 5.4.0-42.46
linux-image-unsigned-5.4.0-153-generic - 5.4.0-42.46
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-42.46
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1021.21
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-30.34
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-42.46
linux-image-5.4.0-105-lowlatency - 5.4.0-42.46
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1020.20
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1021.21
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1020.20
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1021.21
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-06-29
2020-06-29
Mauricio Faria de Oliveira
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1873074
CVE-2020-11935
sbeattie> upstream aufs4-linux.git commits: 515a586eeef31e0717d5dea21e2c11a965340b3c f10aea57d39d6cd311312e9e7746804f7059b5c8
CVE-2020-12362 on Ubuntu 20.04 LTS (focal) - medium.
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
Update Instructions:
Run `sudo pro fix CVE-2020-12362` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-02-17
CVE-2020-12362
mdeslaur> per Intel, this was fixed by a firmware update. v49.0.1 of the firmware is required. The new firmware requires a kernel patch: c784e5249e773689e38d2bc1749f08b986621a26
CVE-2020-12363 on Ubuntu 20.04 LTS (focal) - low.
Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
Update Instructions:
Run `sudo pro fix CVE-2020-12363` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-02-17
CVE-2020-12363
mdeslaur> per Intel, this was fixed by a firmware update. v49.0.1 of the firmware is required. The new firmware requires a kernel patch: c784e5249e773689e38d2bc1749f08b986621a26
CVE-2020-12364 on Ubuntu 20.04 LTS (focal) - low.
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
Update Instructions:
Run `sudo pro fix CVE-2020-12364` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-02-17
CVE-2020-12364
mdeslaur> per Intel, this was fixed by a firmware update. v49.0.1 of the firmware is required. The new firmware requires a kernel patch: c784e5249e773689e38d2bc1749f08b986621a26
CVE-2020-12888 on Ubuntu 20.04 LTS (focal) - medium.
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-12888` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-48.52
linux-image-5.4.0-153-generic-lpae - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-generic - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-48.52
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1024.24
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1028.28
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1019.21
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-34.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-48.52
linux-image-5.4.0-105-lowlatency - 5.4.0-48.52
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1025.25
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1026.26
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1024.24
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1028.28
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-05-15
2020-05-15
CVE-2020-12888
CVE-2020-14304 on Ubuntu 20.04 LTS (focal) - low.
A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-09-15
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702
https://bugzilla.redhat.com/show_bug.cgi?id=1847539
https://bugzilla.suse.com/show_bug.cgi?id=1173327
CVE-2020-14304
sbeattie> no progress as of 2020.10.26, Debian bug had a proposed patch that was shown to be not correct. sbeattie> Looks to affect Mellanox driver? sbeattie> Requires root privileges, and does not allow attacker to target specific memory.
CVE-2020-14314 on Ubuntu 20.04 LTS (focal) - medium.
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-14314` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-51.56
linux-image-5.4.0-153-generic-lpae - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-generic - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-51.56
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1026.27
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-36.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-51.56
linux-image-5.4.0-105-lowlatency - 5.4.0-51.56
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1028.29
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1031.32
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1026.27
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-15
2020-09-15
Jay Shin
CVE-2020-14314
CVE-2020-14351 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-14351` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-37.42
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-09-25
2020-09-25
CVE-2020-14351
sbeattie> access to the perf subsystem is restricted via either the CAP_PERFMON or CAP_SYS_ADMIN capabilities, or through loosened settings of the kernel.perf_event_paranoid sysctl. See https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html for more details.
CVE-2020-14385 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shut down, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. David Alan Gilbert discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation in some circumstances. A local attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-14385` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-51.56
linux-image-5.4.0-153-generic-lpae - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-generic - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-51.56
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1026.27
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-36.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-51.56
linux-image-5.4.0-105-lowlatency - 5.4.0-51.56
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1028.29
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1031.32
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1026.27
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-09-15
2020-09-15
David Alan Gilbert
CVE-2020-14385
CVE-2020-14390 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-14390` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-37.42
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-09-18
2020-09-18
CVE-2020-14390
CVE-2020-15437 on Ubuntu 20.04 LTS (focal) - low.
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer, which is uninitialized. It was discovered that the serial port driver in the Linux kernel did not properly initialize a pointer in some situations. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-15437` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1023.23
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-11-23
2020-11-23
CVE-2020-15437
CVE-2020-15859 on Ubuntu 20.04 LTS (focal) - medium.
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
Update Instructions:
Run `sudo pro fix CVE-2020-15859` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.12
qemu-block-extra - 1:4.2-3ubuntu6.12
qemu-guest-agent - 1:4.2-3ubuntu6.12
qemu-kvm - 1:4.2-3ubuntu6.12
qemu-system - 1:4.2-3ubuntu6.12
qemu-system-arm - 1:4.2-3ubuntu6.12
qemu-system-common - 1:4.2-3ubuntu6.12
qemu-system-data - 1:4.2-3ubuntu6.12
qemu-system-gui - 1:4.2-3ubuntu6.12
qemu-system-mips - 1:4.2-3ubuntu6.12
qemu-system-misc - 1:4.2-3ubuntu6.12
qemu-system-ppc - 1:4.2-3ubuntu6.12
qemu-system-s390x - 1:4.2-3ubuntu6.12
qemu-system-sparc - 1:4.2-3ubuntu6.12
qemu-system-x86 - 1:4.2-3ubuntu6.12
qemu-system-x86-microvm - 1:4.2-3ubuntu6.12
qemu-system-x86-xen - 1:4.2-3ubuntu6.12
qemu-user - 1:4.2-3ubuntu6.12
qemu-user-binfmt - 1:4.2-3ubuntu6.12
qemu-user-static - 1:4.2-3ubuntu6.12
qemu-utils - 1:4.2-3ubuntu6.12
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-07-21
2020-07-21
Alexander Bulekov
https://bugs.launchpad.net/qemu/+bug/1886362
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965978
CVE-2020-15859
CVE-2020-16120 on Ubuntu 20.04 LTS (focal) - medium.
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible for a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11. Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files.
Update Instructions:
Run `sudo pro fix CVE-2020-16120` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-51.56
linux-image-5.4.0-153-generic-lpae - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-generic - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-51.56
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1026.27
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1028.29
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-36.41
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-51.56
linux-image-5.4.0-105-lowlatency - 5.4.0-51.56
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1028.29
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1031.32
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1028.29
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1026.27
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1028.29
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-10-13
2020-10-13
cascardo
Giuseppe Scrivano
2020-10-13
https://bugs.launchpad.net/bugs/1894980
https://bugs.launchpad.net/bugs/1900141
CVE-2020-16120
sbeattie> this issue most likely only has an impact on Ubuntu systems as it is dependent on both unprivileged user namespaces being enabled as well as a non-upstream patch that allows overlayfs mounts in user namespaces. the backport of this issue introduced a regression, LP: #1900141
CVE-2020-16166 on Ubuntu 20.04 LTS (focal) - medium.
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. It was discovered that the state of network RNG in the Linux kernel was potentially observable. A remote attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-16166` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-48.52
linux-image-5.4.0-153-generic-lpae - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-generic - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-48.52
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1024.24
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1019.21
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-34.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-48.52
linux-image-5.4.0-105-lowlatency - 5.4.0-48.52
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1025.25
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1026.26
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1024.24
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-07-30
2020-07-30
CVE-2020-16166
CVE-2020-1711 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
Update Instructions:
Run `sudo pro fix CVE-2020-1711` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu1
qemu-block-extra - 1:4.2-3ubuntu1
qemu-guest-agent - 1:4.2-3ubuntu1
qemu-kvm - 1:4.2-3ubuntu1
qemu-system - 1:4.2-3ubuntu1
qemu-system-arm - 1:4.2-3ubuntu1
qemu-system-common - 1:4.2-3ubuntu1
qemu-system-data - 1:4.2-3ubuntu1
qemu-system-gui - 1:4.2-3ubuntu1
qemu-system-mips - 1:4.2-3ubuntu1
qemu-system-misc - 1:4.2-3ubuntu1
qemu-system-ppc - 1:4.2-3ubuntu1
qemu-system-s390x - 1:4.2-3ubuntu1
qemu-system-sparc - 1:4.2-3ubuntu1
qemu-system-x86 - 1:4.2-3ubuntu1
qemu-system-x86-microvm - 1:4.2-3ubuntu1
qemu-system-x86-xen - 1:4.2-3ubuntu1
qemu-user - 1:4.2-3ubuntu1
qemu-user-binfmt - 1:4.2-3ubuntu1
qemu-user-static - 1:4.2-3ubuntu1
qemu-utils - 1:4.2-3ubuntu1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-02-11
2020-02-11
Felipe Franciosi, Raphael Norwitz, Peter Turschmid
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949731
CVE-2020-1711
CVE-2020-1752 on Ubuntu 20.04 LTS (focal) - low.
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
Update Instructions:
Run `sudo pro fix CVE-2020-1752` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9
libc-bin - 2.31-0ubuntu9
libc6 - 2.31-0ubuntu9
libc6-amd64 - 2.31-0ubuntu9
libc6-armel - 2.31-0ubuntu9
libc6-i386 - 2.31-0ubuntu9
libc6-lse - 2.31-0ubuntu9
libc6-pic - 2.31-0ubuntu9
libc6-prof - 2.31-0ubuntu9
libc6-s390 - 2.31-0ubuntu9
libc6-x32 - 2.31-0ubuntu9
locales - 2.31-0ubuntu9
locales-all - 2.31-0ubuntu9
nscd - 2.31-0ubuntu9
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-04-30
2020-04-30
https://sourceware.org/bugzilla/show_bug.cgi?id=25414
CVE-2020-1752
CVE-2020-1968 on Ubuntu 20.04 LTS (focal) - low.
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
Update Instructions:
Run `sudo pro fix CVE-2020-1968` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2
openssl - 1.1.1f-1ubuntu2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-09-09
2020-09-09
Robert Merget, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky
CVE-2020-1968
CVE-2020-1983 on Ubuntu 20.04 LTS (focal) - medium.
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-1983` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libslirp0 - 4.1.0-2ubuntu2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-04-22
2020-04-22
mdeslaur
Aviv Sasson
CVE-2020-1983
CVE-2020-24586 on Ubuntu 20.04 LTS (focal) - medium.
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-24586` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-11
2021-05-11
Mathy Vanhoef
2021-05-11
CVE-2020-24586
CVE-2020-24587 on Ubuntu 20.04 LTS (focal) - medium.
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments.
Update Instructions:
Run `sudo pro fix CVE-2020-24587` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-11
2021-05-11
Mathy Vanhoef
2021-05-11
CVE-2020-24587
CVE-2020-24588 on Ubuntu 20.04 LTS (focal) - medium.
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled certain malformed frames. If a user were tricked into connecting to a malicious server, a physically proximate attacker could use this issue to inject packets.
Update Instructions:
Run `sudo pro fix CVE-2020-24588` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-11
2021-05-11
Mathy Vanhoef
2021-05-11
CVE-2020-24588
CVE-2020-25084 on Ubuntu 20.04 LTS (focal) - low.
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
Update Instructions:
Run `sudo pro fix CVE-2020-25084` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.10
qemu-block-extra - 1:4.2-3ubuntu6.10
qemu-guest-agent - 1:4.2-3ubuntu6.10
qemu-kvm - 1:4.2-3ubuntu6.10
qemu-system - 1:4.2-3ubuntu6.10
qemu-system-arm - 1:4.2-3ubuntu6.10
qemu-system-common - 1:4.2-3ubuntu6.10
qemu-system-data - 1:4.2-3ubuntu6.10
qemu-system-gui - 1:4.2-3ubuntu6.10
qemu-system-mips - 1:4.2-3ubuntu6.10
qemu-system-misc - 1:4.2-3ubuntu6.10
qemu-system-ppc - 1:4.2-3ubuntu6.10
qemu-system-s390x - 1:4.2-3ubuntu6.10
qemu-system-sparc - 1:4.2-3ubuntu6.10
qemu-system-x86 - 1:4.2-3ubuntu6.10
qemu-system-x86-microvm - 1:4.2-3ubuntu6.10
qemu-system-x86-xen - 1:4.2-3ubuntu6.10
qemu-user - 1:4.2-3ubuntu6.10
qemu-user-binfmt - 1:4.2-3ubuntu6.10
qemu-user-static - 1:4.2-3ubuntu6.10
qemu-utils - 1:4.2-3ubuntu6.10
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-09-25
2020-09-25
mdeslaur
Sergej Schumilo, Cornelius Aschermann, Simon Wörner
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970539
https://bugs.launchpad.net/qemu/+bug/1891341
CVE-2020-25084
CVE-2020-25211 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-25211` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-37.42
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-09
2020-09-09
CVE-2020-25211
sbeattie> fixed in 5.4 somewhere; proposed fix only going to stable trees
CVE-2020-25212 on Ubuntu 20.04 LTS (focal) - medium.
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-25212` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-48.52
linux-image-5.4.0-153-generic-lpae - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-generic - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-48.52
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1024.24
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1019.21
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-34.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-48.52
linux-image-5.4.0-105-lowlatency - 5.4.0-48.52
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1025.25
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1026.26
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1024.24
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-09
2020-09-09
CVE-2020-25212
CVE-2020-25284 on Ubuntu 20.04 LTS (focal) - medium.
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices.
Update Instructions:
Run `sudo pro fix CVE-2020-25284` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-37.42
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-13
2020-09-13
CVE-2020-25284
CVE-2020-25285 on Ubuntu 20.04 LTS (focal) - low.
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. It was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-25285` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-51.56
linux-image-5.4.0-153-generic-lpae - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-generic - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-51.56
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1026.27
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-36.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-51.56
linux-image-5.4.0-105-lowlatency - 5.4.0-51.56
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1028.29
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1031.32
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1026.27
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-09-13
2020-09-13
CVE-2020-25285
CVE-2020-25624 on Ubuntu 20.04 LTS (focal) - low.
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
Update Instructions:
Run `sudo pro fix CVE-2020-25624` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.10
qemu-block-extra - 1:4.2-3ubuntu6.10
qemu-guest-agent - 1:4.2-3ubuntu6.10
qemu-kvm - 1:4.2-3ubuntu6.10
qemu-system - 1:4.2-3ubuntu6.10
qemu-system-arm - 1:4.2-3ubuntu6.10
qemu-system-common - 1:4.2-3ubuntu6.10
qemu-system-data - 1:4.2-3ubuntu6.10
qemu-system-gui - 1:4.2-3ubuntu6.10
qemu-system-mips - 1:4.2-3ubuntu6.10
qemu-system-misc - 1:4.2-3ubuntu6.10
qemu-system-ppc - 1:4.2-3ubuntu6.10
qemu-system-s390x - 1:4.2-3ubuntu6.10
qemu-system-sparc - 1:4.2-3ubuntu6.10
qemu-system-x86 - 1:4.2-3ubuntu6.10
qemu-system-x86-microvm - 1:4.2-3ubuntu6.10
qemu-system-x86-xen - 1:4.2-3ubuntu6.10
qemu-user - 1:4.2-3ubuntu6.10
qemu-user-binfmt - 1:4.2-3ubuntu6.10
qemu-user-static - 1:4.2-3ubuntu6.10
qemu-utils - 1:4.2-3ubuntu6.10
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-09-25
2020-09-25
mdeslaur
Gaoning Pan, Yongkang Jia, Yi Ren
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970541
CVE-2020-25624
CVE-2020-25625 on Ubuntu 20.04 LTS (focal) - low.
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.
Update Instructions:
Run `sudo pro fix CVE-2020-25625` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.10
qemu-block-extra - 1:4.2-3ubuntu6.10
qemu-guest-agent - 1:4.2-3ubuntu6.10
qemu-kvm - 1:4.2-3ubuntu6.10
qemu-system - 1:4.2-3ubuntu6.10
qemu-system-arm - 1:4.2-3ubuntu6.10
qemu-system-common - 1:4.2-3ubuntu6.10
qemu-system-data - 1:4.2-3ubuntu6.10
qemu-system-gui - 1:4.2-3ubuntu6.10
qemu-system-mips - 1:4.2-3ubuntu6.10
qemu-system-misc - 1:4.2-3ubuntu6.10
qemu-system-ppc - 1:4.2-3ubuntu6.10
qemu-system-s390x - 1:4.2-3ubuntu6.10
qemu-system-sparc - 1:4.2-3ubuntu6.10
qemu-system-x86 - 1:4.2-3ubuntu6.10
qemu-system-x86-microvm - 1:4.2-3ubuntu6.10
qemu-system-x86-xen - 1:4.2-3ubuntu6.10
qemu-user - 1:4.2-3ubuntu6.10
qemu-user-binfmt - 1:4.2-3ubuntu6.10
qemu-user-static - 1:4.2-3ubuntu6.10
qemu-utils - 1:4.2-3ubuntu6.10
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-09-25
2020-09-25
mdeslaur
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970542
CVE-2020-25625
CVE-2020-25639 on Ubuntu 20.04 LTS (focal) - low.
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-25639` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-73.82
linux-image-5.4.0-153-generic-lpae - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-generic - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-73.82
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1043.46
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1039.40
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1045.49
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1035.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-73.82
linux-image-5.4.0-105-lowlatency - 5.4.0-73.82
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1048.50
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1047.49
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1043.46
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1043.45
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1039.40
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-03-04
2021-03-04
CVE-2020-25639
sbeattie> reproducer in freedesktop report; no upstream progress as of 2020/11/24
CVE-2020-25641 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. It was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-25641` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-51.56
linux-image-5.4.0-153-generic-lpae - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-generic - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-51.56
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1026.27
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-36.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-51.56
linux-image-5.4.0-105-lowlatency - 5.4.0-51.56
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1028.29
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1031.32
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1026.27
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-10-06
2020-10-06
CVE-2020-25641
CVE-2020-25643 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-25643` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-37.42
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-10-06
2020-10-06
ChenNan
https://bugs.launchpad.net/bugs/1898742
CVE-2020-25643
CVE-2020-25645 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two GENEVE endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. It was discovered that the GENEVE tunnel implementation in the Linux kernel, when combined with IPsec, did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic).
Update Instructions:
Run `sudo pro fix CVE-2020-25645` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-37.42
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-10-13
2020-10-13
CVE-2020-25645
CVE-2020-25656 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using the ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to read memory out of bounds. The highest threat from this vulnerability is to data confidentiality. It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-25656` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-59.65
linux-image-5.4.0-153-generic-lpae - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-generic - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-59.65
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1050.54
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1034.36
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1026.29
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-40.45
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-59.65
linux-image-5.4.0-105-lowlatency - 5.4.0-59.65
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1035.36
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1031.32
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1050.54
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1034.36
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-12-02
2020-12-02
CVE-2020-25656
CVE-2020-25668 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel: access to the global variable fg_console is not properly synchronized, leading to a use-after-free in con_font_op. Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-25668` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-59.65
linux-image-5.4.0-153-generic-lpae - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-generic - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-59.65
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1050.54
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1034.36
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1026.29
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-40.45
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-59.65
linux-image-5.4.0-105-lowlatency - 5.4.0-59.65
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1035.36
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1031.32
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1050.54
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1034.36
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-02
2020-11-02
Minh Yuan
CVE-2020-25668
CVE-2020-25669 on Ubuntu 20.04 LTS (focal) - low.
A vulnerability was found in the Linux kernel where the function sunkbd_reinit may have been scheduled by sunkbd_interrupt before sunkbd is freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit, causing a use-after-free. Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-25669` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-66.74
linux-image-5.4.0-153-generic-lpae - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-generic - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-66.74
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1038.40
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1037.40
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1036.38
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1033.34
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1029.32
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-66.74
linux-image-5.4.0-105-lowlatency - 5.4.0-66.74
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1038.40
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1040.42
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1037.40
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1036.38
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1033.34
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-11-05
2020-11-05
Bodong Zhao
2020-11-05
CVE-2020-25669
sbeattie> issue is specific to the sun4/sun5 keyboard driver.
CVE-2020-25670 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_bind() causes a use-after-free, which might lead to privilege escalation. Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-25670` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-02
2020-11-02
Kiyin (尹亮)
https://bugzilla.suse.com/show_bug.cgi?id=1178181
CVE-2020-25670
CVE-2020-25671 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_connect() causes a use-after-free, which might lead to privilege escalation. Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2020-25671` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-02
2020-11-02
Kiyin (尹亮)
https://bugzilla.suse.com/show_bug.cgi?id=1178181
CVE-2020-25671
CVE-2020-25672 on Ubuntu 20.04 LTS (focal) - medium.
A memory leak vulnerability was found in the Linux kernel in llcp_sock_connect(). Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2020-25672` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-02
2020-11-02
Kiyin (尹亮)
https://bugzilla.suse.com/show_bug.cgi?id=1178181
CVE-2020-25672
sbeattie> asserted by the reporter that the issue is similar to the issue fixed in a0c2dc1fe63e2869b, just in llcp_sock_connect() instead.
CVE-2020-25673 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in the Linux kernel where a non-blocking socket in llcp_sock_connect() leads to a leak and eventually hangs the system. Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly handle error conditions in some situations, leading to an infinite loop. A local attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-25673` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-02
2020-11-02
Kiyin (尹亮)
https://bugzilla.suse.com/show_bug.cgi?id=1178181
CVE-2020-25673
sbeattie> unfixed upstream as of 2021-03-16 possibly addressed by 4b5db93e7f2afbdfe3b78e37879a85290187e6f1
CVE-2020-25704 on Ubuntu 20.04 LTS (focal) - medium.
A memory leak flaw was found in the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve resources, causing a denial of service. Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2020-25704` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-59.65
linux-image-5.4.0-153-generic-lpae - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-generic - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-59.65
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1034.36
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1026.29
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-40.45
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-59.65
linux-image-5.4.0-105-lowlatency - 5.4.0-59.65
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1035.36
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1031.32
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1034.36
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-12-02
2020-12-02
kiyin(尹亮)
CVE-2020-25704
CVE-2020-25705 on Ubuntu 20.04 LTS (focal) - medium.
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization is indirectly affected as well on the Linux-based products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version Keyu Man discovered that the ICMP global rate limiter in the Linux kernel could be used to assist in scanning open UDP ports. A remote attacker could use this to facilitate attacks on UDP-based services that depend on source port randomization.
Update Instructions:
Run `sudo pro fix CVE-2020-25705` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1050.54
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-37.42
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1050.54
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-17
2020-11-17
Keyu Man
CVE-2020-25705
CVE-2020-25723 on Ubuntu 20.04 LTS (focal) - medium.
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-25723` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.10
qemu-block-extra - 1:4.2-3ubuntu6.10
qemu-guest-agent - 1:4.2-3ubuntu6.10
qemu-kvm - 1:4.2-3ubuntu6.10
qemu-system - 1:4.2-3ubuntu6.10
qemu-system-arm - 1:4.2-3ubuntu6.10
qemu-system-common - 1:4.2-3ubuntu6.10
qemu-system-data - 1:4.2-3ubuntu6.10
qemu-system-gui - 1:4.2-3ubuntu6.10
qemu-system-mips - 1:4.2-3ubuntu6.10
qemu-system-misc - 1:4.2-3ubuntu6.10
qemu-system-ppc - 1:4.2-3ubuntu6.10
qemu-system-s390x - 1:4.2-3ubuntu6.10
qemu-system-sparc - 1:4.2-3ubuntu6.10
qemu-system-x86 - 1:4.2-3ubuntu6.10
qemu-system-x86-microvm - 1:4.2-3ubuntu6.10
qemu-system-x86-xen - 1:4.2-3ubuntu6.10
qemu-user - 1:4.2-3ubuntu6.10
qemu-user-binfmt - 1:4.2-3ubuntu6.10
qemu-user-static - 1:4.2-3ubuntu6.10
qemu-utils - 1:4.2-3ubuntu6.10
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-18
2020-11-18
mdeslaur
Cheolwoo Myung
https://bugzilla.redhat.com/show_bug.cgi?id=1898579
CVE-2020-25723
CVE-2020-26088 on Ubuntu 20.04 LTS (focal) - medium.
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. It was discovered that the NFC implementation in the Linux kernel did not properly perform permissions checks when opening raw sockets. A local attacker could use this to create or listen to NFC traffic.
Update Instructions:
Run `sudo pro fix CVE-2020-26088` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-48.52
linux-image-5.4.0-153-generic-lpae - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-generic - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-48.52
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1024.24
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1019.21
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-34.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-48.52
linux-image-5.4.0-105-lowlatency - 5.4.0-48.52
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1025.25
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1026.26
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1024.24
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-24
2020-09-24
CVE-2020-26088
CVE-2020-26139 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in protected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-26139` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-11
2021-05-11
Mathy Vanhoef
2021-05-11
CVE-2020-26139
CVE-2020-26140 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-11
Mathy Vanhoef
2021-05-11
CVE-2020-26140
CVE-2020-26141 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly verify certain fragmented frames. A physically proximate attacker could possibly use this issue to inject or decrypt packets.
Update Instructions:
Run `sudo pro fix CVE-2020-26141` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-11
2021-05-11
Mathy Vanhoef
2021-05-11
CVE-2020-26141
CVE-2020-26143 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-11
Mathy Vanhoef
2021-05-11
CVE-2020-26143
CVE-2020-26144 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled certain malformed frames. A physically proximate attacker could use this issue to inject arbitrary network packets.
Update Instructions:
Run `sudo pro fix CVE-2020-26144` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-11
Mathy Vanhoef
2021-05-11
https://bugzilla.redhat.com/show_bug.cgi?id=1960498
CVE-2020-26144
eslerm> a1d5ff5651ea592c67054233b14b30bf4452999c only required for >=4.9
CVE-2020-26145 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation accepted plaintext fragments in certain situations. A physically proximate attacker could use this issue to inject packets.
Update Instructions:
Run `sudo pro fix CVE-2020-26145` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-11
2021-05-11
Mathy Vanhoef
2021-05-11
CVE-2020-26145
CVE-2020-26146 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-11
Mathy Vanhoef
2021-05-11
CVE-2020-26146
CVE-2020-26147 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments.
Update Instructions:
Run `sudo pro fix CVE-2020-26147` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-11
2021-05-11
Mathy Vanhoef
2021-05-11
CVE-2020-26147
CVE-2020-26541 on Ubuntu 20.04 LTS (focal) - medium.
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions.
Update Instructions:
Run `sudo pro fix CVE-2020-26541` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-92.103
linux-image-5.4.0-153-generic-lpae - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-generic - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-92.103
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1023.26
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1010.11
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1048.53
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1018.19~20.04.2
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-92.103
linux-image-5.4.0-105-lowlatency - 5.4.0-92.103
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1061.64
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1065.68
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1057.60
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1010.11
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1051.53
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-10-02
2020-10-02
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1918960
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1928679
CVE-2020-26541
CVE-2020-26555 on Ubuntu 20.04 LTS (focal) - medium.
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. It was discovered that the BR/EDR pin-code pairing procedure in the Linux kernel was vulnerable to an impersonation attack. A physically proximate attacker could possibly use this to pair to a device without knowledge of the pin-code.
Update Instructions:
Run `sudo pro fix CVE-2020-26555` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-80.90
linux-image-5.4.0-153-generic-lpae - 5.4.0-80.90
linux-image-unsigned-5.4.0-153-generic - 5.4.0-80.90
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-80.90
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1016.19
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1049.53
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1049.52
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1021.22
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1041.45
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-80.90
linux-image-5.4.0-105-lowlatency - 5.4.0-80.90
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1054.57
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1055.57
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1055.57
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1016.19
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1049.53
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1049.52
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1021.22
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1044.46
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1052.56
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-24
2021-05-24
CVE-2020-26555
CVE-2020-26558 on Ubuntu 20.04 LTS (focal) - medium.
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-26558` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
bluetooth - 5.53-0ubuntu3.2
bluez - 5.53-0ubuntu3.2
bluez-cups - 5.53-0ubuntu3.2
bluez-hcidump - 5.53-0ubuntu3.2
bluez-obexd - 5.53-0ubuntu3.2
bluez-tests - 5.53-0ubuntu3.2
libbluetooth3 - 5.53-0ubuntu3.2
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-80.90
linux-image-5.4.0-153-generic-lpae - 5.4.0-80.90
linux-image-unsigned-5.4.0-153-generic - 5.4.0-80.90
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-80.90
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1042.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1040.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1016.19
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1049.53
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1049.52
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1021.22
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1038.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1041.45
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-80.90
linux-image-5.4.0-105-lowlatency - 5.4.0-80.90
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1054.57
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1055.57
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1040.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1055.57
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1016.19
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1049.53
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1039.41
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1049.52
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1021.22
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1044.46
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1052.56
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1038.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-08
2021-06-08
mdeslaur
2021-06-08
CVE-2020-26558
alexmurray> Affects bluez versions prior to 5.57 and 5.58
mdeslaur> There is a kernel fix, and a userspace fix
CVE-2020-27170 on Ubuntu 20.04 LTS (focal) - high.
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-27170` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-70.78
linux-image-5.4.0-153-generic-lpae - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-generic - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-70.78
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1040.43
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1036.37
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1019.20
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1052.56
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1032.35
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-20.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-70.78
linux-image-5.4.0-105-lowlatency - 5.4.0-70.78
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1041.43
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1043.45
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1040.43
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1039.41
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1036.37
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1019.20
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1052.56
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-03-18
2021-03-18
cascardo
Piotr Krysiuk
CVE-2020-27170
alexmurray> According to the upstream advisory, f232326f6966cf2a1d1db7bc917a4ce5f9f55f76 is the minimal fix but the whole series should be applied together
sbeattie> kernels before 4.15 are not affected by this.
CVE-2020-27171 on Ubuntu 20.04 LTS (focal) - high.
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-27171` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-70.78
linux-image-5.4.0-153-generic-lpae - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-generic - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-70.78
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1040.43
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1036.37
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1019.20
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1052.56
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1032.35
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-20.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-70.78
linux-image-5.4.0-105-lowlatency - 5.4.0-70.78
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1041.43
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1043.45
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1040.43
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1039.41
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1036.37
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1019.20
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1052.56
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-03-18
2021-03-18
cascardo
Piotr Krysiuk
CVE-2020-27171
alexmurray> According to the upstream advisory, 10d2bb2e6b1d8c4576c56a748f697dbeb8388899 is the minimal fix but the whole series should be applied together
CVE-2020-27617 on Ubuntu 20.04 LTS (focal) - low.
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.
Update Instructions:
Run `sudo pro fix CVE-2020-27617` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.10
qemu-block-extra - 1:4.2-3ubuntu6.10
qemu-guest-agent - 1:4.2-3ubuntu6.10
qemu-kvm - 1:4.2-3ubuntu6.10
qemu-system - 1:4.2-3ubuntu6.10
qemu-system-arm - 1:4.2-3ubuntu6.10
qemu-system-common - 1:4.2-3ubuntu6.10
qemu-system-data - 1:4.2-3ubuntu6.10
qemu-system-gui - 1:4.2-3ubuntu6.10
qemu-system-mips - 1:4.2-3ubuntu6.10
qemu-system-misc - 1:4.2-3ubuntu6.10
qemu-system-ppc - 1:4.2-3ubuntu6.10
qemu-system-s390x - 1:4.2-3ubuntu6.10
qemu-system-sparc - 1:4.2-3ubuntu6.10
qemu-system-x86 - 1:4.2-3ubuntu6.10
qemu-system-x86-microvm - 1:4.2-3ubuntu6.10
qemu-system-x86-xen - 1:4.2-3ubuntu6.10
qemu-user - 1:4.2-3ubuntu6.10
qemu-user-binfmt - 1:4.2-3ubuntu6.10
qemu-user-static - 1:4.2-3ubuntu6.10
qemu-utils - 1:4.2-3ubuntu6.10
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-11-06
2020-11-06
mdeslaur
Gaoning Pan
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973324
https://bugs.launchpad.net/qemu/+bug/1878067
CVE-2020-27617
CVE-2020-27618 on Ubuntu 20.04 LTS (focal) - low.
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
Update Instructions:
Run `sudo pro fix CVE-2020-27618` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9.7
libc-bin - 2.31-0ubuntu9.7
libc6 - 2.31-0ubuntu9.7
libc6-amd64 - 2.31-0ubuntu9.7
libc6-armel - 2.31-0ubuntu9.7
libc6-i386 - 2.31-0ubuntu9.7
libc6-lse - 2.31-0ubuntu9.7
libc6-pic - 2.31-0ubuntu9.7
libc6-prof - 2.31-0ubuntu9.7
libc6-s390 - 2.31-0ubuntu9.7
libc6-x32 - 2.31-0ubuntu9.7
locales - 2.31-0ubuntu9.7
locales-all - 2.31-0ubuntu9.7
nscd - 2.31-0ubuntu9.7
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-02-26
2021-02-26
https://sourceware.org/bugzilla/show_bug.cgi?id=26224
CVE-2020-27618
sbeattie> addressing this issue likely also depends on addressing CVE-2016-10228 which is upstream commit 91927b7c76 ("Rewrite iconv option parsing [BZ #19519]") in older versions of glibc, but is a pretty significant change.
CVE-2020-27673 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. Julien Grall discovered that the Xen dom0 event handler in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS.
Update Instructions:
Run `sudo pro fix CVE-2020-27673` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-59.65
linux-image-5.4.0-153-generic-lpae - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-generic - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-59.65
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1034.36
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1026.29
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-59.65
linux-image-5.4.0-105-lowlatency - 5.4.0-59.65
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1035.36
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1031.32
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1034.36
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-10-22
2020-10-22
Julien Grall
CVE-2020-27673
CVE-2020-27675 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. An attacker in a guest could possibly use this to cause a denial of service (dom0 crash).
Update Instructions:
Run `sudo pro fix CVE-2020-27675` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-59.65
linux-image-5.4.0-153-generic-lpae - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-generic - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-59.65
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1050.54
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1034.36
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1026.29
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-40.45
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-59.65
linux-image-5.4.0-105-lowlatency - 5.4.0-59.65
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1035.36
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1031.32
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1050.54
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1034.36
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-10-22
2020-10-22
Jinoh Kang
CVE-2020-27675
CVE-2020-27815 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-27815` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-66.74
linux-image-5.4.0-153-generic-lpae - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-generic - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-66.74
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1038.40
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1037.40
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1036.38
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1033.34
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1011.12
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1029.32
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-66.74
linux-image-5.4.0-105-lowlatency - 5.4.0-66.74
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1038.40
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1040.42
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1037.40
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1036.38
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1033.34
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1011.12
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-30
2020-11-30
CVE-2020-27815
CVE-2020-27820 on Ubuntu 20.04 LTS (focal) - low.
A vulnerability was found in the Linux kernel, where a use-after-free in nouveau's postclose() handler could happen when the device is removed (physically removing a video card without powering off is uncommon, but the same happens if the driver is unbound). Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-27820` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-110.124
linux-image-5.4.0-153-generic-lpae - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-generic - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-110.124
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1021.23
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1071.77
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1060.68
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-110.124
linux-image-5.4.0-105-lowlatency - 5.4.0-110.124
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1078.81
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1073.78
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1071.76
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1021.23
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1071.77
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-11-03
2021-11-03
Jeremy Cline
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-27820
CVE-2020-27820
sbeattie> likely only goes back to 5.4 kernels
CVE-2020-27830 on Ubuntu 20.04 LTS (focal) - low.
A vulnerability was found in the Linux kernel where the spk_ttyio_receive_buf2() function dereferences spk_ttyio_synth without checking whether it is NULL, which may lead to a NULL pointer dereference crash. Shisong Qin and Bodong Zhao discovered that the Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-27830` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-66.74
linux-image-5.4.0-153-generic-lpae - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-generic - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-66.74
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1038.40
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1037.40
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1036.38
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1033.34
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1029.32
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-66.74
linux-image-5.4.0-105-lowlatency - 5.4.0-66.74
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1038.40
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1040.42
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1037.40
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1036.38
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1033.34
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-12-07
2020-12-07
Shisong Qin and Bodong Zhao
CVE-2020-27830
CVE-2020-27835 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the Linux kernel InfiniBand hfi1 driver in versions prior to 5.10-rc6, in the way a user calls ioctl after opening the dev file and forking. A local user could use this flaw to crash the system. It was discovered that a use-after-free vulnerability existed in the InfiniBand hfi1 device driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-27835` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-01-07
2021-01-07
CVE-2020-27835
sbeattie> commit references two commits that introduced the issue.
CVE-2020-28097 on Ubuntu 20.04 LTS (focal) - medium.
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.
Update Instructions:
Run `sudo pro fix CVE-2020-28097` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-24
CVE-2020-28097
sbeattie> out-of-bounds reading in vgacon_scrolldelta. This BUG is caused by "soff" being negative after VT_RESIZE.
CVE-2020-28588 on Ubuntu 20.04 LTS (focal) - medium.
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents. It was discovered that an information leak existed in the syscall implementation in the Linux kernel on 32 bit systems. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-28588` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-66.74
linux-image-5.4.0-153-generic-lpae - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-generic - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-66.74
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1038.40
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1037.40
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1036.38
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1033.34
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1029.32
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-66.74
linux-image-5.4.0-105-lowlatency - 5.4.0-66.74
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1038.40
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1040.42
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1037.40
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1036.38
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1033.34
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-12-04
2020-12-04
CVE-2020-28588
CVE-2020-28915 on Ubuntu 20.04 LTS (focal) - medium.
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-28915` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-37.42
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-18
2020-11-18
CVE-2020-28915
sbeattie> This patch depends on patch "fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h".
CVE-2020-28941 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. Shisong Qin and Bodong Zhao discovered that the Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-28941` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-66.74
linux-image-5.4.0-153-generic-lpae - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-generic - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-66.74
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1038.40
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1037.40
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1036.38
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1033.34
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1029.32
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-66.74
linux-image-5.4.0-105-lowlatency - 5.4.0-66.74
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1038.40
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1040.42
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1037.40
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1036.38
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1033.34
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-11-19
2020-11-19
Shisong Qin and Bodong Zhao
CVE-2020-28941
CVE-2020-28974 on Ubuntu 20.04 LTS (focal) - medium.
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-28974` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-59.65
linux-image-5.4.0-153-generic-lpae - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-generic - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-59.65
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1039.43
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1034.36
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1026.29
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-40.45
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-59.65
linux-image-5.4.0-105-lowlatency - 5.4.0-59.65
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1035.36
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1031.32
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1039.43
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1034.36
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-20
2020-11-20
Minh Yuan
CVE-2020-28974
CVE-2020-29129 on Ubuntu 20.04 LTS (focal) - low.
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
Update Instructions:
Run `sudo pro fix CVE-2020-29129` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libslirp0 - 4.1.0-2ubuntu2.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-11-26
2020-11-26
mdeslaur
Qiuhao Li
CVE-2020-29129
CVE-2020-29369 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe. Jann Horn discovered that the mmap implementation in the Linux kernel contained a race condition when handling munmap() operations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-29369` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1023.23
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-28
2020-11-28
Jann Horn
CVE-2020-29369
CVE-2020-29371 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. Jann Horn discovered that the romfs file system in the Linux kernel did not properly validate file system meta-data, leading to an out-of-bounds read. An attacker could use this to construct a malicious romfs image that, when mounted, exposed sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-29371` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-51.56
linux-image-5.4.0-153-generic-lpae - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-generic - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-51.56
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1026.27
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-36.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-51.56
linux-image-5.4.0-105-lowlatency - 5.4.0-51.56
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1028.29
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1031.32
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1031.32
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1026.27
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1028.29
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-28
2020-11-28
Jann Horn
CVE-2020-29371
sbeattie> according to Jann Horn's post, the sample exploit does not work at least in 20.04/focal due to heap zeroing being enabled. The concern about udisks2 is real, however.
CVE-2020-29443 on Ubuntu 20.04 LTS (focal) - low.
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
Update Instructions:
Run `sudo pro fix CVE-2020-29443` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.12
qemu-block-extra - 1:4.2-3ubuntu6.12
qemu-guest-agent - 1:4.2-3ubuntu6.12
qemu-kvm - 1:4.2-3ubuntu6.12
qemu-system - 1:4.2-3ubuntu6.12
qemu-system-arm - 1:4.2-3ubuntu6.12
qemu-system-common - 1:4.2-3ubuntu6.12
qemu-system-data - 1:4.2-3ubuntu6.12
qemu-system-gui - 1:4.2-3ubuntu6.12
qemu-system-mips - 1:4.2-3ubuntu6.12
qemu-system-misc - 1:4.2-3ubuntu6.12
qemu-system-ppc - 1:4.2-3ubuntu6.12
qemu-system-s390x - 1:4.2-3ubuntu6.12
qemu-system-sparc - 1:4.2-3ubuntu6.12
qemu-system-x86 - 1:4.2-3ubuntu6.12
qemu-system-x86-microvm - 1:4.2-3ubuntu6.12
qemu-system-x86-xen - 1:4.2-3ubuntu6.12
qemu-user - 1:4.2-3ubuntu6.12
qemu-user-binfmt - 1:4.2-3ubuntu6.12
qemu-user-static - 1:4.2-3ubuntu6.12
qemu-utils - 1:4.2-3ubuntu6.12
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-01-26
2021-01-26
Wenxiang Qian
CVE-2020-29443
mdeslaur> second patch is needed in hirsute
CVE-2020-29568 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS.
Update Instructions:
Run `sudo pro fix CVE-2020-29568` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-66.74
linux-image-5.4.0-153-generic-lpae - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-generic - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-66.74
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1038.40
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1037.40
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1036.38
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1033.34
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1011.12
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1029.32
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-66.74
linux-image-5.4.0-105-lowlatency - 5.4.0-66.74
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1038.40
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1040.42
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1037.40
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1036.38
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1033.34
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1011.12
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-12-15
2020-12-15
Michael Kurth and Pawel Wieczorkiewicz
CVE-2020-29568
CVE-2020-29569 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition in the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS.
Update Instructions:
Run `sudo pro fix CVE-2020-29569` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-66.74
linux-image-5.4.0-153-generic-lpae - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-generic - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-66.74
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1038.40
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1037.40
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1036.38
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1033.34
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1011.12
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1029.32
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-66.74
linux-image-5.4.0-105-lowlatency - 5.4.0-66.74
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1038.40
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1040.42
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1037.40
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1036.38
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1033.34
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1011.12
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-12-15
2020-12-15
Olivier Benjamin and Pawel Wieczorkiewicz
CVE-2020-29569
CVE-2020-29573 on Ubuntu 20.04 LTS (focal) - low.
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
Update Instructions:
Run `sudo pro fix CVE-2020-29573` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9.1
libc-bin - 2.31-0ubuntu9.1
libc6 - 2.31-0ubuntu9.1
libc6-amd64 - 2.31-0ubuntu9.1
libc6-armel - 2.31-0ubuntu9.1
libc6-i386 - 2.31-0ubuntu9.1
libc6-lse - 2.31-0ubuntu9.1
libc6-pic - 2.31-0ubuntu9.1
libc6-prof - 2.31-0ubuntu9.1
libc6-s390 - 2.31-0ubuntu9.1
libc6-x32 - 2.31-0ubuntu9.1
locales - 2.31-0ubuntu9.1
locales-all - 2.31-0ubuntu9.1
nscd - 2.31-0ubuntu9.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-12-06
https://sourceware.org/bugzilla/show_bug.cgi?id=26649
CVE-2020-29573
mdeslaur> fixed in 2.23 and later
CVE-2020-29660 on Ubuntu 20.04 LTS (focal) - medium.
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-29660` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-66.74
linux-image-5.4.0-153-generic-lpae - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-generic - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-66.74
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1038.40
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1037.40
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1036.38
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1033.34
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1029.32
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-66.74
linux-image-5.4.0-105-lowlatency - 5.4.0-66.74
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1038.40
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1040.42
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1037.40
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1036.38
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1033.34
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-12-09
2020-12-09
Jann Horn
CVE-2020-29660
CVE-2020-29661 on Ubuntu 20.04 LTS (focal) - high.
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-29661` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-66.74
linux-image-5.4.0-153-generic-lpae - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-generic - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-66.74
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1038.40
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1037.40
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1036.38
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1033.34
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1029.32
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-66.74
linux-image-5.4.0-105-lowlatency - 5.4.0-66.74
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1038.40
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1040.42
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1037.40
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1036.38
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1033.34
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2020 Canonical Ltd.
2020-12-09
2020-12-09
Jann Horn
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1909486
CVE-2020-29661
CVE-2020-35504 on Ubuntu 20.04 LTS (focal) - low.
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Update Instructions:
Run `sudo pro fix CVE-2020-35504` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.17
qemu-block-extra - 1:4.2-3ubuntu6.17
qemu-guest-agent - 1:4.2-3ubuntu6.17
qemu-kvm - 1:4.2-3ubuntu6.17
qemu-system - 1:4.2-3ubuntu6.17
qemu-system-arm - 1:4.2-3ubuntu6.17
qemu-system-common - 1:4.2-3ubuntu6.17
qemu-system-data - 1:4.2-3ubuntu6.17
qemu-system-gui - 1:4.2-3ubuntu6.17
qemu-system-mips - 1:4.2-3ubuntu6.17
qemu-system-misc - 1:4.2-3ubuntu6.17
qemu-system-ppc - 1:4.2-3ubuntu6.17
qemu-system-s390x - 1:4.2-3ubuntu6.17
qemu-system-sparc - 1:4.2-3ubuntu6.17
qemu-system-x86 - 1:4.2-3ubuntu6.17
qemu-system-x86-microvm - 1:4.2-3ubuntu6.17
qemu-system-x86-xen - 1:4.2-3ubuntu6.17
qemu-user - 1:4.2-3ubuntu6.17
qemu-user-binfmt - 1:4.2-3ubuntu6.17
qemu-user-static - 1:4.2-3ubuntu6.17
qemu-utils - 1:4.2-3ubuntu6.17
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-05-28
2021-05-28
Cheolwoo Myung
https://bugzilla.redhat.com/show_bug.cgi?id=1909766
https://bugs.launchpad.net/qemu/+bug/1910723
CVE-2020-35504
CVE-2020-35505 on Ubuntu 20.04 LTS (focal) - low.
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Update Instructions:
Run `sudo pro fix CVE-2020-35505` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.17
qemu-block-extra - 1:4.2-3ubuntu6.17
qemu-guest-agent - 1:4.2-3ubuntu6.17
qemu-kvm - 1:4.2-3ubuntu6.17
qemu-system - 1:4.2-3ubuntu6.17
qemu-system-arm - 1:4.2-3ubuntu6.17
qemu-system-common - 1:4.2-3ubuntu6.17
qemu-system-data - 1:4.2-3ubuntu6.17
qemu-system-gui - 1:4.2-3ubuntu6.17
qemu-system-mips - 1:4.2-3ubuntu6.17
qemu-system-misc - 1:4.2-3ubuntu6.17
qemu-system-ppc - 1:4.2-3ubuntu6.17
qemu-system-s390x - 1:4.2-3ubuntu6.17
qemu-system-sparc - 1:4.2-3ubuntu6.17
qemu-system-x86 - 1:4.2-3ubuntu6.17
qemu-system-x86-microvm - 1:4.2-3ubuntu6.17
qemu-system-x86-xen - 1:4.2-3ubuntu6.17
qemu-user - 1:4.2-3ubuntu6.17
qemu-user-binfmt - 1:4.2-3ubuntu6.17
qemu-user-static - 1:4.2-3ubuntu6.17
qemu-utils - 1:4.2-3ubuntu6.17
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-05-28
2021-05-28
Cheolwoo Myung
https://bugzilla.redhat.com/show_bug.cgi?id=1909769
https://bugs.launchpad.net/qemu/+bug/1910723
CVE-2020-35505
mdeslaur> same commits as CVE-2020-35504
CVE-2020-35508 on Ubuntu 20.04 LTS (focal) - low.
A flaw involving a possible race condition and incorrect initialization of the process ID was found in the Linux kernel's child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. It was discovered that a race condition existed that caused the Linux kernel to not properly restrict exit signal delivery. A local attacker could possibly use this to send signals to arbitrary processes.
Update Instructions:
Run `sudo pro fix CVE-2020-35508` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-59.65
linux-image-5.4.0-153-generic-lpae - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-generic - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-59.65
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1034.36
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1026.29
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-59.65
linux-image-5.4.0-105-lowlatency - 5.4.0-59.65
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1035.36
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1035.36
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1031.32
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1034.36
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-12-31
2020-12-31
Eddy Wu
CVE-2020-35508
mdeslaur> possibly Red Hat specific, but bug lists upstream commits, needs investigation
sbeattie> The upstream commit is with respect to the race condition, not the improper initialization.
CVE-2020-35519 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Kiyin (尹亮) discovered that the x25 implementation in the Linux kernel contained overflows when handling addresses from user space. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-35519` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-66.74
linux-image-5.4.0-153-generic-lpae - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-generic - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-66.74
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1038.40
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1037.40
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1036.38
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1033.34
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1056.60
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1029.32
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-17.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-66.74
linux-image-5.4.0-105-lowlatency - 5.4.0-66.74
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1038.40
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1040.42
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1037.40
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1036.38
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1033.34
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1056.60
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-18
2021-03-18
Kiyin (尹亮)
CVE-2020-35519
CVE-2020-36158 on Ubuntu 20.04 LTS (focal) - medium.
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-36158` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-67.75
linux-image-5.4.0-153-generic-lpae - 5.4.0-67.75
linux-image-unsigned-5.4.0-153-generic - 5.4.0-67.75
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-67.75
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1037.39
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1011.12
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-45.51~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-45.51~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-45.51~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-45.51~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-45.51~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1011.12
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1039.42
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1030.33
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-18.20~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-67.75
linux-image-5.4.0-105-lowlatency - 5.4.0-67.75
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1039.41
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1041.43
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1041.43
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1037.39
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1011.12
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-45.51~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-45.51~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-45.51~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1034.35
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1011.12
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1039.42
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-01-05
2021-01-05
CVE-2020-36158
CVE-2020-36310 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.
Update Instructions:
Run `sudo pro fix CVE-2020-36310` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1024.26
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1024.26
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-04-07
CVE-2020-36310
CVE-2020-36311 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. It was discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not ensure enough processing time was given to perform cleanups of large SEV VMs. A local attacker could use this to cause a denial of service (soft lockup).
Update Instructions:
Run `sudo pro fix CVE-2020-36311` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-84.94
linux-image-5.4.0-153-generic-lpae - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-generic - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-84.94
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1056.59
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1052.55
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1004.5
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1054.58
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-84.94
linux-image-5.4.0-105-lowlatency - 5.4.0-84.94
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1056.59
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1058.60
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1058.60
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1052.56
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1052.55
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1004.5
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1046.48
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1054.58
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-04-07
2021-04-07
CVE-2020-36311
sbeattie> break commit 5dd0a57cf38ee is when SEV was introduced, actual break may be more recent.
CVE-2020-36312 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.
Update Instructions:
Run `sudo pro fix CVE-2020-36312` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-04-07
CVE-2020-36312
CVE-2020-36322 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. It was discovered that the FUSE user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-36322` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-67.75
linux-image-5.4.0-153-generic-lpae - 5.4.0-67.75
linux-image-unsigned-5.4.0-153-generic - 5.4.0-67.75
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-67.75
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1037.39
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1011.12
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-45.51~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-45.51~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-45.51~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-45.51~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-45.51~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1011.12
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1039.42
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1030.33
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-18.20~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-67.75
linux-image-5.4.0-105-lowlatency - 5.4.0-67.75
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1039.41
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1041.43
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1041.43
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1037.39
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1011.12
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-45.51~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-45.51~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-45.51~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1034.35
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1011.12
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1039.42
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-04-14
2021-04-14
CVE-2020-36322
CVE-2020-36385 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. It was discovered that the Infiniband RDMA userspace connection manager implementation in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-36385` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-90.101
linux-image-5.4.0-153-generic-lpae - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-generic - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-90.101
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1021.24
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1007.8
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-90.101
linux-image-5.4.0-105-lowlatency - 5.4.0-90.101
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1059.62
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1063.66
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1055.58
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1007.8
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1049.51
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-07
2021-06-07
CVE-2020-36385
CVE-2020-36386 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.
Update Instructions:
Run `sudo pro fix CVE-2020-36386` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-48.52
linux-image-5.4.0-153-generic-lpae - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-generic - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-48.52
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1024.24
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1019.21
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-48.52
linux-image-5.4.0-105-lowlatency - 5.4.0-48.52
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1025.25
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1026.26
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1024.24
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-07
CVE-2020-36386
CVE-2020-36516 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service (connection termination) or inject forged data.
Update Instructions:
Run `sudo pro fix CVE-2020-36516` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-109.123
linux-image-5.4.0-153-generic-lpae - 5.4.0-109.123
linux-image-unsigned-5.4.0-153-generic - 5.4.0-109.123
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-109.123
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1077.80
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1077.80
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1035.38
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1039.40
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1020.22
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1024.26
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1070.76
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1059.67
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-109.123
linux-image-5.4.0-105-lowlatency - 5.4.0-109.123
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1072.77
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1077.80
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1077.80
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1035.38
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1072.77
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1068.71
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1039.40
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1020.22
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1062.65
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1024.26
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1070.76
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-02-26
2022-02-26
Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu
CVE-2020-36516
CVE-2020-36557 on Ubuntu 20.04 LTS (focal) - medium.
A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.
Update Instructions:
Run `sudo pro fix CVE-2020-36557` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-24.28
linux-image-5.4.0-153-generic-lpae - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-generic - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-24.28
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1009.9
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1009.9
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1009.9
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-24.28
linux-image-5.4.0-105-lowlatency - 5.4.0-24.28
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1009.9
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1010.10
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1010.10
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1009.9
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1008.8
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1009.9
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-21
CVE-2020-36557
CVE-2020-36558 on Ubuntu 20.04 LTS (focal) - medium.
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.
Update Instructions:
Run `sudo pro fix CVE-2020-36558` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-21
CVE-2020-36558
CVE-2020-3702 on Ubuntu 20.04 LTS (focal) - medium.
Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150. It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information (WiFi network traffic).
Update Instructions:
Run `sudo pro fix CVE-2020-3702` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-89.100
linux-image-5.4.0-153-generic-lpae - 5.4.0-89.100
linux-image-unsigned-5.4.0-153-generic - 5.4.0-89.100
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-89.100
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1058.61
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1020.21~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1020.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1056.60
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1025.26
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1006.7
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1056.60
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-89.100
linux-image-5.4.0-105-lowlatency - 5.4.0-89.100
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1058.61
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1062.65
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1062.65
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1020.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1056.60
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1054.57
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1025.26
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1006.7
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1048.50
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1056.60
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-08
2020-09-08
CVE-2020-3702
CVE-2020-6096 on Ubuntu 20.04 LTS (focal) - low.
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.
Update Instructions:
Run `sudo pro fix CVE-2020-6096` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9.7
libc-bin - 2.31-0ubuntu9.7
libc6 - 2.31-0ubuntu9.7
libc6-amd64 - 2.31-0ubuntu9.7
libc6-armel - 2.31-0ubuntu9.7
libc6-i386 - 2.31-0ubuntu9.7
libc6-lse - 2.31-0ubuntu9.7
libc6-pic - 2.31-0ubuntu9.7
libc6-prof - 2.31-0ubuntu9.7
libc6-s390 - 2.31-0ubuntu9.7
libc6-x32 - 2.31-0ubuntu9.7
locales - 2.31-0ubuntu9.7
locales-all - 2.31-0ubuntu9.7
nscd - 2.31-0ubuntu9.7
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-04-01
2020-04-01
Jason Royes and Samuel Dytrych
https://sourceware.org/bugzilla/show_bug.cgi?id=25620
CVE-2020-6096
CVE-2020-7039 on Ubuntu 20.04 LTS (focal) - medium.
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potentially to arbitrary code execution. It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a denial of service (application crash) or potentially to arbitrary code execution.
Update Instructions:
Run `sudo pro fix CVE-2020-7039` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libslirp0 - 4.1.0-2
No subscription required
slirp - 1:1.0.17-10
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-01-16
2020-01-16
CVE-2020-7039
mdeslaur> possible better approach would be to disable tcp_emu completely https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91
CVE-2020-8608 on Ubuntu 20.04 LTS (focal) - medium.
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. It was discovered that the SLiRP networking implementation of the QEMU emulator misuses snprintf return values. An attacker could use this to cause a denial of service (application crash) or potentially execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-8608` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libslirp0 - 4.1.0-2ubuntu1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-02-06
2020-02-06
Laszlo Ersek
CVE-2020-8608
mdeslaur> possible better approach would be to disable tcp_emu completely https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91
CVE-2021-0129 on Ubuntu 20.04 LTS (focal) - medium.
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-0129` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
bluetooth - 5.53-0ubuntu3.2
bluez - 5.53-0ubuntu3.2
bluez-cups - 5.53-0ubuntu3.2
bluez-hcidump - 5.53-0ubuntu3.2
bluez-obexd - 5.53-0ubuntu3.2
bluez-tests - 5.53-0ubuntu3.2
libbluetooth3 - 5.53-0ubuntu3.2
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-80.90
linux-image-5.4.0-153-generic-lpae - 5.4.0-80.90
linux-image-unsigned-5.4.0-153-generic - 5.4.0-80.90
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-80.90
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1042.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1040.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1016.19
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1049.53
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1049.52
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1021.22
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1038.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1041.45
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-80.90
linux-image-5.4.0-105-lowlatency - 5.4.0-80.90
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1054.57
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1055.57
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1040.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1055.57
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1016.19
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1049.53
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1039.41
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1049.52
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1021.22
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1044.46
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1052.56
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1038.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-08
2021-06-08
2021-06-08
CVE-2021-0129
alexmurray> INTEL-SA-00517
CVE-2021-0512 on Ubuntu 20.04 LTS (focal) - medium.
In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-173843328. References: Upstream kernel.
Update Instructions:
Run `sudo pro fix CVE-2021-0512` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-71.79
linux-image-5.4.0-153-generic-lpae - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-generic - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-71.79
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1037.38
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1042.45
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1033.36
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-71.79
linux-image-5.4.0-105-lowlatency - 5.4.0-71.79
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1043.45
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1044.46
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1041.43
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1037.38
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1042.45
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-21
CVE-2021-0512
CVE-2021-0605 on Ubuntu 20.04 LTS (focal) - medium.
In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-110373476.
Update Instructions:
Run `sudo pro fix CVE-2021-0605` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-22
CVE-2021-0605
CVE-2021-0920 on Ubuntu 20.04 LTS (focal) - medium.
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-196926917. References: Upstream kernel. It was discovered a race condition existed in the Unix domain socket implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-0920` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-88.99
linux-image-5.4.0-153-generic-lpae - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-generic - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-88.99
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1053.57
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1053.56
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1005.6
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1055.59
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1044.48
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-88.99
linux-image-5.4.0-105-lowlatency - 5.4.0-88.99
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1057.60
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1059.62
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1053.57
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1053.56
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1005.6
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1047.49
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1055.59
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-15
2021-12-15
CVE-2021-0920
CVE-2021-0935 on Ubuntu 20.04 LTS (focal) - medium.
In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-168607263. References: Upstream kernel. It was discovered that the IPv6 implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-0935` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-10-25
2021-10-25
CVE-2021-0935
CVE-2021-0941 on Ubuntu 20.04 LTS (focal) - medium.
In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-154177719. References: Upstream kernel.
Update Instructions:
Run `sudo pro fix CVE-2021-0941` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-10-25
CVE-2021-0941
CVE-2021-1048 on Ubuntu 20.04 LTS (focal) - medium.
In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-204573007. References: Upstream kernel.
Update Instructions:
Run `sudo pro fix CVE-2021-1048` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-15
CVE-2021-1048
CVE-2021-20177 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected. It was discovered that the netfilter subsystem in the Linux kernel did not properly handle filter rules in some situations. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2021-20177` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-66.74
linux-image-5.4.0-153-generic-lpae - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-generic - 5.4.0-66.74
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-66.74
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1038.40
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1037.40
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1036.38
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1033.34
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1029.32
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-66.74
linux-image-5.4.0-105-lowlatency - 5.4.0-66.74
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1038.40
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1040.42
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1040.42
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1037.40
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1036.38
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1010.11
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1033.34
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-01-12
2021-01-12
https://bugzilla.kernel.org/show_bug.cgi?id=209823
CVE-2021-20177
CVE-2021-20181 on Ubuntu 20.04 LTS (focal) - medium.
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
Update Instructions:
Run `sudo pro fix CVE-2021-20181` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.12
qemu-block-extra - 1:4.2-3ubuntu6.12
qemu-guest-agent - 1:4.2-3ubuntu6.12
qemu-kvm - 1:4.2-3ubuntu6.12
qemu-system - 1:4.2-3ubuntu6.12
qemu-system-arm - 1:4.2-3ubuntu6.12
qemu-system-common - 1:4.2-3ubuntu6.12
qemu-system-data - 1:4.2-3ubuntu6.12
qemu-system-gui - 1:4.2-3ubuntu6.12
qemu-system-mips - 1:4.2-3ubuntu6.12
qemu-system-misc - 1:4.2-3ubuntu6.12
qemu-system-ppc - 1:4.2-3ubuntu6.12
qemu-system-s390x - 1:4.2-3ubuntu6.12
qemu-system-sparc - 1:4.2-3ubuntu6.12
qemu-system-x86 - 1:4.2-3ubuntu6.12
qemu-system-x86-microvm - 1:4.2-3ubuntu6.12
qemu-system-x86-xen - 1:4.2-3ubuntu6.12
qemu-user - 1:4.2-3ubuntu6.12
qemu-user-binfmt - 1:4.2-3ubuntu6.12
qemu-user-static - 1:4.2-3ubuntu6.12
qemu-utils - 1:4.2-3ubuntu6.12
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-02-01
2021-02-01
CVE-2021-20181
CVE-2021-20194 on Ubuntu 20.04 LTS (focal) - low.
There is a vulnerability in Linux kernel versions higher than 5.2 (if the kernel is compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt is registered). As a result of BPF execution, a local user can trigger a bug in the __cgroup_bpf_run_filter_getsockopt() function that can lead to a heap overflow (because of non-hardened usercopy). The impact of the attack could be denial of service or possibly privilege escalation. Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-20194` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-71.79
linux-image-5.4.0-153-generic-lpae - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-generic - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-71.79
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-45.51~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-45.51~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-45.51~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-45.51~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-45.51~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1037.38
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1042.45
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1033.36
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-18.20~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-71.79
linux-image-5.4.0-105-lowlatency - 5.4.0-71.79
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1043.45
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1044.46
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1041.43
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-45.51~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-45.51~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-45.51~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1037.38
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1042.45
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-02-23
2021-02-23
Loris Reiff
CVE-2021-20194
sbeattie> for 5.8 kernels, HARDENED_USERCOPY is enabled, and so is less likely to be vulnerable to code execution. Also, user BPF is disabled if booted under secure boot/lockdown.
CVE-2021-20196 on Ubuntu 20.04 LTS (focal) - low.
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Update Instructions:
Run `sudo pro fix CVE-2021-20196` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.21
qemu-block-extra - 1:4.2-3ubuntu6.21
qemu-guest-agent - 1:4.2-3ubuntu6.21
qemu-kvm - 1:4.2-3ubuntu6.21
qemu-system - 1:4.2-3ubuntu6.21
qemu-system-arm - 1:4.2-3ubuntu6.21
qemu-system-common - 1:4.2-3ubuntu6.21
qemu-system-data - 1:4.2-3ubuntu6.21
qemu-system-gui - 1:4.2-3ubuntu6.21
qemu-system-mips - 1:4.2-3ubuntu6.21
qemu-system-misc - 1:4.2-3ubuntu6.21
qemu-system-ppc - 1:4.2-3ubuntu6.21
qemu-system-s390x - 1:4.2-3ubuntu6.21
qemu-system-sparc - 1:4.2-3ubuntu6.21
qemu-system-x86 - 1:4.2-3ubuntu6.21
qemu-system-x86-microvm - 1:4.2-3ubuntu6.21
qemu-system-x86-xen - 1:4.2-3ubuntu6.21
qemu-user - 1:4.2-3ubuntu6.21
qemu-user-binfmt - 1:4.2-3ubuntu6.21
qemu-user-static - 1:4.2-3ubuntu6.21
qemu-utils - 1:4.2-3ubuntu6.21
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-05-26
2021-05-26
Gaoning Pan
https://bugzilla.redhat.com/show_bug.cgi?id=1919210
https://bugs.launchpad.net/qemu/+bug/1912780
CVE-2021-20196
CVE-2021-20203 on Ubuntu 20.04 LTS (focal) - low.
An integer overflow issue was found in the vmxnet3 NIC emulator of QEMU for versions up to v5.2.0. It may occur if a guest supplies invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a DoS scenario.
Update Instructions:
Run `sudo pro fix CVE-2021-20203` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.21
qemu-block-extra - 1:4.2-3ubuntu6.21
qemu-guest-agent - 1:4.2-3ubuntu6.21
qemu-kvm - 1:4.2-3ubuntu6.21
qemu-system - 1:4.2-3ubuntu6.21
qemu-system-arm - 1:4.2-3ubuntu6.21
qemu-system-common - 1:4.2-3ubuntu6.21
qemu-system-data - 1:4.2-3ubuntu6.21
qemu-system-gui - 1:4.2-3ubuntu6.21
qemu-system-mips - 1:4.2-3ubuntu6.21
qemu-system-misc - 1:4.2-3ubuntu6.21
qemu-system-ppc - 1:4.2-3ubuntu6.21
qemu-system-s390x - 1:4.2-3ubuntu6.21
qemu-system-sparc - 1:4.2-3ubuntu6.21
qemu-system-x86 - 1:4.2-3ubuntu6.21
qemu-system-x86-microvm - 1:4.2-3ubuntu6.21
qemu-system-x86-xen - 1:4.2-3ubuntu6.21
qemu-user - 1:4.2-3ubuntu6.21
qemu-user-binfmt - 1:4.2-3ubuntu6.21
qemu-user-static - 1:4.2-3ubuntu6.21
qemu-utils - 1:4.2-3ubuntu6.21
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-02-25
2021-02-25
Gaoning Pan
https://bugs.launchpad.net/qemu/+bug/1913873
https://bugs.launchpad.net/qemu/+bug/1890152
https://gitlab.com/qemu-project/qemu/-/issues/308
CVE-2021-20203
CVE-2021-20221 on Ubuntu 20.04 LTS (focal) - low.
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0 on the aarch64 platform. The issue occurs because, while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a DoS scenario.
Update Instructions:
Run `sudo pro fix CVE-2021-20221` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.17
qemu-block-extra - 1:4.2-3ubuntu6.17
qemu-guest-agent - 1:4.2-3ubuntu6.17
qemu-kvm - 1:4.2-3ubuntu6.17
qemu-system - 1:4.2-3ubuntu6.17
qemu-system-arm - 1:4.2-3ubuntu6.17
qemu-system-common - 1:4.2-3ubuntu6.17
qemu-system-data - 1:4.2-3ubuntu6.17
qemu-system-gui - 1:4.2-3ubuntu6.17
qemu-system-mips - 1:4.2-3ubuntu6.17
qemu-system-misc - 1:4.2-3ubuntu6.17
qemu-system-ppc - 1:4.2-3ubuntu6.17
qemu-system-s390x - 1:4.2-3ubuntu6.17
qemu-system-sparc - 1:4.2-3ubuntu6.17
qemu-system-x86 - 1:4.2-3ubuntu6.17
qemu-system-x86-microvm - 1:4.2-3ubuntu6.17
qemu-system-x86-xen - 1:4.2-3ubuntu6.17
qemu-user - 1:4.2-3ubuntu6.17
qemu-user-binfmt - 1:4.2-3ubuntu6.17
qemu-user-static - 1:4.2-3ubuntu6.17
qemu-utils - 1:4.2-3ubuntu6.17
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-05-13
2021-05-13
https://bugs.launchpad.net/qemu/+bug/1914353
CVE-2021-20221
CVE-2021-20239 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability.
Update Instructions:
Run `sudo pro fix CVE-2021-20239` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-67.75
linux-image-5.4.0-153-generic-lpae - 5.4.0-67.75
linux-image-unsigned-5.4.0-153-generic - 5.4.0-67.75
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-67.75
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1037.39
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1011.12
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-49.55~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-49.55~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-49.55~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-49.55~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-49.55~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1050.54
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1039.42
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1030.33
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-22.24~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-67.75
linux-image-5.4.0-105-lowlatency - 5.4.0-67.75
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1039.41
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1041.43
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1041.43
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1037.39
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1011.12
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-49.55~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-49.55~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-49.55~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1034.35
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1050.54
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1039.42
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-02-17
2021-02-17
Ryota Shiga
CVE-2021-20239
CVE-2021-20257 on Ubuntu 20.04 LTS (focal) - medium.
An infinite loop flaw was found in the e1000 NIC emulator of QEMU. This issue occurs while processing transmit (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Update Instructions:
Run `sudo pro fix CVE-2021-20257` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.17
qemu-block-extra - 1:4.2-3ubuntu6.17
qemu-guest-agent - 1:4.2-3ubuntu6.17
qemu-kvm - 1:4.2-3ubuntu6.17
qemu-system - 1:4.2-3ubuntu6.17
qemu-system-arm - 1:4.2-3ubuntu6.17
qemu-system-common - 1:4.2-3ubuntu6.17
qemu-system-data - 1:4.2-3ubuntu6.17
qemu-system-gui - 1:4.2-3ubuntu6.17
qemu-system-mips - 1:4.2-3ubuntu6.17
qemu-system-misc - 1:4.2-3ubuntu6.17
qemu-system-ppc - 1:4.2-3ubuntu6.17
qemu-system-s390x - 1:4.2-3ubuntu6.17
qemu-system-sparc - 1:4.2-3ubuntu6.17
qemu-system-x86 - 1:4.2-3ubuntu6.17
qemu-system-x86-microvm - 1:4.2-3ubuntu6.17
qemu-system-x86-xen - 1:4.2-3ubuntu6.17
qemu-user - 1:4.2-3ubuntu6.17
qemu-user-binfmt - 1:4.2-3ubuntu6.17
qemu-user-static - 1:4.2-3ubuntu6.17
qemu-utils - 1:4.2-3ubuntu6.17
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-02-23
2021-02-23
Alexander Bulekov, Cheolwoo Myung, Sergej Schumilo, Cornelius Aschermann, Simon Werner
CVE-2021-20257
CVE-2021-20292 on Ubuntu 20.04 LTS (focal) - low.
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in the Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with root privileges can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-20292` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-48.52
linux-image-5.4.0-153-generic-lpae - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-generic - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-48.52
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1024.24
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1019.21
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-48.52
linux-image-5.4.0-105-lowlatency - 5.4.0-48.52
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1025.25
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1026.26
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1026.26
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1024.24
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-03-24
2021-03-24
CVE-2021-20292
sbeattie> kernels with CONFIG_SLAB_FREELIST_HARDENED=y (which Ubuntu enables) are probably not affected.
CVE-2021-20317 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2021-20317` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-09-27
2021-09-27
https://bugzilla.redhat.com/show_bug.cgi?id=2005258
CVE-2021-20317
CVE-2021-20321 on Ubuntu 20.04 LTS (focal) - medium.
A race condition when accessing a file object was found in the Linux kernel OverlayFS subsystem, in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system. It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-20321` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-92.103
linux-image-5.4.0-153-generic-lpae - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-generic - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-92.103
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1023.26
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-52-generic-lpae - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1010.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1001.3
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1001.3
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1048.53
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1024.25~20.04.1
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1015.17~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-92.103
linux-image-5.4.0-105-lowlatency - 5.4.0-92.103
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1061.64
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1065.68
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1057.60
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-generic-64k - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1010.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1001.3
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1020.24
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-10-18
2021-10-18
CVE-2021-20321
CVE-2021-20322 on Ubuntu 20.04 LTS (focal) - medium.
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel was found to allow quick scanning of open UDP ports. This flaw allows an off-path remote user to effectively bypass UDP source port randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. Keyu Man discovered that the ICMP implementation in the Linux kernel did not properly handle received ICMP error packets. A remote attacker could use this to facilitate attacks on UDP based services that depend on source port randomization.
Update Instructions:
Run `sudo pro fix CVE-2021-20322` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-92.103
linux-image-5.4.0-153-generic-lpae - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-generic - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-92.103
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1021.22~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1023.26
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1022.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1010.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1019.23
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1048.53
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-92.103
linux-image-5.4.0-105-lowlatency - 5.4.0-92.103
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1061.64
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1065.68
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1022.24~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1057.60
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1010.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1051.53
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1019.23
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-10-19
2021-10-19
Keyu Man
https://bugzilla.redhat.com/show_bug.cgi?id=2014230
CVE-2021-20322
CVE-2021-21781 on Ubuntu 20.04 LTS (focal) - medium.
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases 4.14.222, 4.19.177, 5.4.99, 5.10.17 and 5.11.
Update Instructions:
Run `sudo pro fix CVE-2021-21781` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-71.79
linux-image-5.4.0-153-generic-lpae - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-generic - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-71.79
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1037.38
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1042.45
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1033.36
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-71.79
linux-image-5.4.0-105-lowlatency - 5.4.0-71.79
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1043.45
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1044.46
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1041.43
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1037.38
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1042.45
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-18
CVE-2021-21781
CVE-2021-22543 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-22543` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-84.94
linux-image-5.4.0-153-generic-lpae - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-generic - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-84.94
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1056.59
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66+cvm2.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1052.55
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1004.5
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1054.58
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1043.47
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1018.19~20.04.2
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-84.94
linux-image-5.4.0-105-lowlatency - 5.4.0-84.94
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1056.59
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1058.60
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66+cvm2.2
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1052.56
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1052.55
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1004.5
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1054.58
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-26
2021-05-26
CVE-2021-22543
CVE-2021-22555 on Ubuntu 20.04 LTS (focal) - high.
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space. Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-22555` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-07-07
2021-07-07
Andy Nguyen
CVE-2021-22555
CVE-2021-22600 on Ubuntu 20.04 LTS (focal) - medium.
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755. It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-22600` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-100.113
linux-image-5.4.0-153-generic-lpae - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-generic - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-100.113
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1014.15~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1014.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1028.31
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1065.69
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-30.33~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-30.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1015.16
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1064.68
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1018.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1053.60
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-100.113
linux-image-5.4.0-105-lowlatency - 5.4.0-100.113
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1066.69
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1014.15~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1070.73
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1014.16~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1065.69
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1061.64
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-30.33~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-30.33~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-30.33~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1015.16
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1056.58
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1064.68
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1018.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-01-26
2022-01-26
CVE-2021-22600
CVE-2021-23133 on Ubuntu 20.04 LTS (focal) - medium.
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. Or Cohen discovered that the SCTP implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free condition. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-23133` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66+cvm2.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66+cvm2.2
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-04-22
2021-04-22
Or Cohen
CVE-2021-23133
sbeattie> commit b166a20b0738 "net/sctp: fix race condition in sctp_destroy_sock" in net-next
CVE-2021-23134 on Ubuntu 20.04 LTS (focal) - medium.
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-23134` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1041.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1039.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-63.71~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1037.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1039.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-63.71~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1037.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-12
2021-05-12
CVE-2021-23134
CVE-2021-23840 on Ubuntu 20.04 LTS (focal) - low.
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
Update Instructions:
Run `sudo pro fix CVE-2021-23840` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
ovmf - 0~20191122.bd85bf54-2ubuntu3.3
qemu-efi - 0~20191122.bd85bf54-2ubuntu3.3
qemu-efi-aarch64 - 0~20191122.bd85bf54-2ubuntu3.3
qemu-efi-arm - 0~20191122.bd85bf54-2ubuntu3.3
No subscription required
libssl1.1 - 1.1.1f-1ubuntu2.2
openssl - 1.1.1f-1ubuntu2.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-02-16
2021-02-16
Paul Kehrer
https://bugzilla.tianocore.org/show_bug.cgi?id=3266 (edk2)
CVE-2021-23840
mdeslaur> edk2 doesn't use EVP_CipherUpdate, EVP_EncryptUpdate, or EVP_DecryptUpdate, so it doesn't appear vulnerable to this issue. edk2 upstream says EVP_DecryptUpdate is used by drivers.
CVE-2021-26401 on Ubuntu 20.04 LTS (focal) - medium.
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-26401` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-110.124
linux-image-5.4.0-153-generic-lpae - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-generic - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-110.124
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1021.23
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1071.77
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1060.68
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-110.124
linux-image-5.4.0-105-lowlatency - 5.4.0-110.124
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1078.81
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1021.23
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1071.77
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-11
2022-03-11
Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki
CVE-2021-26401
CVE-2021-26708 on Ubuntu 20.04 LTS (focal) - high.
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. Alexander Popov discovered that multiple race conditions existed in the AF_VSOCK implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-26708` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-43.49~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-43.49~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-43.49~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-43.49~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-43.49~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1016.17
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1047.51
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-16.18~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-43.49~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-43.49~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-43.49~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1016.17
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1047.51
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-02-05
2021-02-05
Alexander Popov
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668
CVE-2021-26708
CVE-2021-26930 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash).
Update Instructions:
Run `sudo pro fix CVE-2021-26930` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-71.79
linux-image-5.4.0-153-generic-lpae - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-generic - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-71.79
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1037.38
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1042.45
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1033.36
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-71.79
linux-image-5.4.0-105-lowlatency - 5.4.0-71.79
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1043.45
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1044.46
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1041.43
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1037.38
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1042.45
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-02-17
2021-02-17
Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr
CVE-2021-26930
CVE-2021-26931 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. Jan Beulich discovered that multiple Xen backends in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash).
Update Instructions:
Run `sudo pro fix CVE-2021-26931` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-71.79
linux-image-5.4.0-153-generic-lpae - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-generic - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-71.79
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1037.38
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1042.45
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1033.36
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-71.79
linux-image-5.4.0-105-lowlatency - 5.4.0-71.79
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1043.45
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1044.46
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1041.43
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1037.38
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1042.45
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-02-17
2021-02-17
Jan Beulich
CVE-2021-26931
CVE-2021-26932 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, so successful ones cannot be properly unmapped upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends running in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
Update Instructions:
Run `sudo pro fix CVE-2021-26932` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-71.79
linux-image-5.4.0-153-generic-lpae - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-generic - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-71.79
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1037.38
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1042.45
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1033.36
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-71.79
linux-image-5.4.0-105-lowlatency - 5.4.0-71.79
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1043.45
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1044.46
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1041.44
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1041.43
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1037.38
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1042.45
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-02-17
Jan Beulich
CVE-2021-26932
CVE-2021-27363 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses).
Update Instructions:
Run `sudo pro fix CVE-2021-27363` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-70.78
linux-image-5.4.0-153-generic-lpae - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-generic - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-70.78
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1040.43
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1036.37
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1019.20
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1052.56
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1032.35
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-20.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-70.78
linux-image-5.4.0-105-lowlatency - 5.4.0-70.78
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1041.43
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1043.45
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1040.43
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1039.41
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1036.37
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1019.20
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1052.56
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-07
2021-03-07
Adam Nichols
CVE-2021-27363
CVE-2021-27364 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. Adam Nichols discovered that an out-of-bounds read existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2021-27364` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-70.78
linux-image-5.4.0-153-generic-lpae - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-generic - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-70.78
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1040.43
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1036.37
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1019.20
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1052.56
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1032.35
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-20.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-70.78
linux-image-5.4.0-105-lowlatency - 5.4.0-70.78
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1041.43
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1043.45
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1040.43
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1039.41
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1036.37
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1019.20
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1052.56
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-07
2021-03-07
Adam Nichols
https://bugzilla.suse.com/show_bug.cgi?id=1182717
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-27364
CVE-2021-27364
sbeattie> Reading the discoverer's article, it looks like the CVE was assigned for the out-of-bounds read vulnerability addressed by f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5, not 688e8128b7a92d as described by Marcus in his oss-security posting. However, the 688e8128b7a92d commit requiring CAP_SYS_ADMIN for netlink access also mitigates the vulnerability.
CVE-2021-27365 on Ubuntu 20.04 LTS (focal) - high.
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-27365` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-70.78
linux-image-5.4.0-153-generic-lpae - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-generic - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-70.78
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1040.43
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1036.37
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1019.20
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1052.56
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1032.35
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-20.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-70.78
linux-image-5.4.0-105-lowlatency - 5.4.0-70.78
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1041.43
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1043.45
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1040.43
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1039.41
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1036.37
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1019.20
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1052.56
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-03-07
2021-03-07
Adam Nichols
CVE-2021-27365
CVE-2021-27645 on Ubuntu 20.04 LTS (focal) - low.
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
Update Instructions:
Run `sudo pro fix CVE-2021-27645` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9.7
libc-bin - 2.31-0ubuntu9.7
libc6 - 2.31-0ubuntu9.7
libc6-amd64 - 2.31-0ubuntu9.7
libc6-armel - 2.31-0ubuntu9.7
libc6-i386 - 2.31-0ubuntu9.7
libc6-lse - 2.31-0ubuntu9.7
libc6-pic - 2.31-0ubuntu9.7
libc6-prof - 2.31-0ubuntu9.7
libc6-s390 - 2.31-0ubuntu9.7
libc6-x32 - 2.31-0ubuntu9.7
locales - 2.31-0ubuntu9.7
locales-all - 2.31-0ubuntu9.7
nscd - 2.31-0ubuntu9.7
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-02-24
2021-02-24
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983479
https://sourceware.org/bugzilla/show_bug.cgi?id=27462
CVE-2021-27645
mdeslaur> introduced in 2.29 by: https://sourceware.org/git/?p=glibc.git;a=commit;h=745664bd798ec8fd50438605948eea594179fba1 introduced in 2.28-1 debian packaging by: https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919
CVE-2021-28038 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash).
Update Instructions:
Run `sudo pro fix CVE-2021-28038` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-73.82
linux-image-5.4.0-153-generic-lpae - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-generic - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-73.82
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1043.46
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1039.40
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1045.49
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1035.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-73.82
linux-image-5.4.0-105-lowlatency - 5.4.0-73.82
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1048.50
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1047.49
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1043.46
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1043.45
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1039.40
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-05
2021-03-05
Jan Beulich
CVE-2021-28038
sbeattie> kernels where the fix for CVE-2021-26931 had not landed yet are not affected by this issue.
CVE-2021-28375 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. It was discovered that the fastrpc driver in the Linux kernel did not prevent user space applications from sending kernel RPC messages. A local attacker could possibly use this to gain elevated privileges.
Update Instructions:
Run `sudo pro fix CVE-2021-28375` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-73.82
linux-image-5.4.0-153-generic-lpae - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-generic - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-73.82
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1043.46
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1039.40
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1056.60
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1045.49
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1035.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-73.82
linux-image-5.4.0-105-lowlatency - 5.4.0-73.82
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1048.50
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1047.49
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1043.46
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1043.45
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1039.40
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1056.60
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-15
2021-03-15
CVE-2021-28375
CVE-2021-28660 on Ubuntu 20.04 LTS (focal) - medium.
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate ssid lengths in some situations. An attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-28660` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-73.82
linux-image-5.4.0-153-generic-lpae - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-generic - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-73.82
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1043.46
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1039.40
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1045.49
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1035.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-73.82
linux-image-5.4.0-105-lowlatency - 5.4.0-73.82
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1048.50
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1047.49
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1043.46
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1043.45
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1039.40
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-17
2021-03-17
CVE-2021-28660
CVE-2021-28688 on Ubuntu 20.04 LTS (focal) - low.
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. It was discovered that the Xen paravirtualization backend in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2021-28688` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-04-06
2021-04-06
CVE-2021-28688
CVE-2021-28691 on Ubuntu 20.04 LTS (focal) - medium.
Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-28691` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1042.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1040.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1038.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1040.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1039.41
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1038.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-29
2021-06-29
Michael Brown
CVE-2021-28691
CVE-2021-28711 on Ubuntu 20.04 LTS (focal) - low.
Rogue backends can cause DoS of guests via high frequency events
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]
Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time.
There are three affected backends:
* blkfront patch 1, CVE-2021-28711
* netfront patch 2, CVE-2021-28712
* hvc_xen (console) patch 3, CVE-2021-28713
Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs.
Update Instructions:
Run `sudo pro fix CVE-2021-28711` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-01-05
2022-01-05
Jürgen Groß
CVE-2021-28711
rodrigo-zaiden> linux-aws in 4.4 kernels (trusty and xenial) won't include fixes for this CVE as these kernels may have xen/blkfront specific changes and the backport is too risky.
CVE-2021-28712 on Ubuntu 20.04 LTS (focal) - low.
Rogue backends can cause DoS of guests via high frequency events
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]
Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time.
There are three affected backends:
* blkfront patch 1, CVE-2021-28711
* netfront patch 2, CVE-2021-28712
* hvc_xen (console) patch 3, CVE-2021-28713
Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs.
Update Instructions:
Run `sudo pro fix CVE-2021-28712` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-01-05
2022-01-05
Jürgen Groß
CVE-2021-28712
CVE-2021-28713 on Ubuntu 20.04 LTS (focal) - low.
Rogue backends can cause DoS of guests via high frequency events
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]
Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time.
There are three affected backends:
* blkfront patch 1, CVE-2021-28711
* netfront patch 2, CVE-2021-28712
* hvc_xen (console) patch 3, CVE-2021-28713
Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs.
Update Instructions:
Run `sudo pro fix CVE-2021-28713` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-01-05
2022-01-05
Jürgen Groß
CVE-2021-28713
CVE-2021-28714 on Ubuntu 20.04 LTS (focal) - medium.
Guest can force Linux netback driver to hog large amounts of kernel memory
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]
Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest:
There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715)
The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)
Jürgen Groß discovered that the Xen network backend driver in the Linux kernel did not adequately limit the amount of queued packets when a guest did not process them. An attacker in a guest VM can use this to cause a denial of service (excessive kernel memory consumption) in the network backend domain.
Update Instructions:
Run `sudo pro fix CVE-2021-28714` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-01-06
2022-01-06
Jürgen Groß
CVE-2021-28714
CVE-2021-28715 on Ubuntu 20.04 LTS (focal) - medium.
Guest can force Linux netback driver to hog large amounts of kernel memory
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]
Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest:
There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715)
The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)
Jürgen Groß discovered that the Xen network backend driver in the Linux kernel did not adequately limit the amount of queued packets when a guest did not process them. An attacker in a guest VM can use this to cause a denial of service (excessive kernel memory consumption) in the network backend domain.
Update Instructions:
Run `sudo pro fix CVE-2021-28715` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-01-06
2022-01-06
Jürgen Groß
CVE-2021-28715
CVE-2021-28950 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. It was discovered that the fuse user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2021-28950` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-20
2021-03-20
CVE-2021-28950
CVE-2021-28964 on Ubuntu 20.04 LTS (focal) - medium.
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. Zygo Blaxell discovered that the btrfs file system implementation in the Linux kernel contained a race condition during certain cloning operations. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-28964` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-22
2021-03-22
Zygo Blaxell
CVE-2021-28964
CVE-2021-28971 on Ubuntu 20.04 LTS (focal) - medium.
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. Vince Weaver discovered that the perf subsystem in the Linux kernel did not properly handle certain PEBS records for some Intel Haswell processors. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-28971` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-22
2021-03-22
Vince Weaver
CVE-2021-28971
CVE-2021-28972 on Ubuntu 20.04 LTS (focal) - medium.
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-28972` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-22
2021-03-22
CVE-2021-28972
CVE-2021-29154 on Ubuntu 20.04 LTS (focal) - high.
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-29154` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-72.80
linux-image-5.4.0-153-generic-lpae - 5.4.0-72.80
linux-image-unsigned-5.4.0-153-generic - 5.4.0-72.80
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-72.80
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1045.47
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1042.45
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1042.44
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1014.15
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-50.56~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-50.56~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-50.56~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-50.56~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1038.39
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1022.23
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1043.46
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1034.37
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-22.24~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-72.80
linux-image-5.4.0-105-lowlatency - 5.4.0-72.80
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1045.47
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1046.48
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1042.45
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1042.44
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1014.15
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-50.56~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-50.56~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1038.39
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1022.23
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1043.46
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-04-08
2021-04-08
cascardo
Piotr Krysiuk
CVE-2021-29154
sbeattie> this issue is priority medium for trusty/3.13 kernels, as unprivileged BPF was not yet available in the Linux kernel of that era.
CVE-2021-29155 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. Piotr Krysiuk and Benedict Schlueter discovered that the eBPF implementation in the Linux kernel performed out-of-bounds speculation on pointer arithmetic. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-29155` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1029.30
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1029.30
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-04-20
2021-04-20
Piotr Krysiuk and Benedict Schlueter
CVE-2021-29155
CVE-2021-29264 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. It was discovered that the Freescale Gianfar Ethernet driver for the Linux kernel did not properly handle receive queue overrun when jumbo frames were enabled in some situations. An attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-29264` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-26
2021-03-26
CVE-2021-29264
CVE-2021-29265 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70. It was discovered that the USB/IP driver in the Linux kernel contained race conditions during the update of local and shared status. An attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-29265` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-73.82
linux-image-5.4.0-153-generic-lpae - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-generic - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-73.82
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1043.46
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1039.40
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1045.49
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1035.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-73.82
linux-image-5.4.0-105-lowlatency - 5.4.0-73.82
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1048.50
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1047.49
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1043.46
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1043.45
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1039.40
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-26
2021-03-26
CVE-2021-29265
CVE-2021-29266 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0. It was discovered that the vDPA backend virtio driver in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-29266` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-26
2021-03-26
CVE-2021-29266
sbeattie> likely requires write access to /dev/virtio-vdpa-* devices
CVE-2021-29646 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. It was discovered that the TIPC protocol implementation in the Linux kernel did not properly validate passed encryption key sizes. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-29646` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1056.60
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1056.60
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-30
2021-03-30
CVE-2021-29646
CVE-2021-29647 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. It was discovered that the Qualcomm IPC router implementation in the Linux kernel did not properly initialize memory passed to user space. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2021-29647` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-03-30
2021-03-30
CVE-2021-29647
CVE-2021-29650 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. It was discovered that a race condition existed in the netfilter subsystem of the Linux kernel when replacing tables. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-29650` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-73.82
linux-image-5.4.0-153-generic-lpae - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-generic - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-73.82
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1043.46
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1039.40
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1056.60
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1045.49
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1035.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-73.82
linux-image-5.4.0-105-lowlatency - 5.4.0-73.82
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1048.50
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1047.49
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1043.46
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1043.45
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1039.40
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1056.60
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-30
2021-03-30
CVE-2021-29650
CVE-2021-30002 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. Arnd Bergmann discovered that the video4linux subsystem in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2021-30002` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-73.82
linux-image-5.4.0-153-generic-lpae - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-generic - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-73.82
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1043.46
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1039.40
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1056.60
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1045.49
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1035.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-73.82
linux-image-5.4.0-105-lowlatency - 5.4.0-73.82
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1048.50
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1047.49
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1043.46
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1043.45
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1039.40
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1056.60
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-04-02
2021-04-02
Arnd Bergmann
CVE-2021-30002
CVE-2021-31440 on Ubuntu 20.04 LTS (focal) - medium.
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661. Manfred Paul discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel contained an out-of-bounds vulnerability. A local attacker could use this issue to execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-31440` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-21
2021-05-21
CVE-2021-31440
CVE-2021-3178 on Ubuntu 20.04 LTS (focal) - negligible.
** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. 吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions.
Update Instructions:
Run `sudo pro fix CVE-2021-3178` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-67.75
linux-image-5.4.0-153-generic-lpae - 5.4.0-67.75
linux-image-unsigned-5.4.0-153-generic - 5.4.0-67.75
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-67.75
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1037.39
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1011.12
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-49.55~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-49.55~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-49.55~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-49.55~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-49.55~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1014.15
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1039.42
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1030.33
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-22.24~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-67.75
linux-image-5.4.0-105-lowlatency - 5.4.0-67.75
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1039.41
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1041.43
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1041.43
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1037.39
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1011.12
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-49.55~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-49.55~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-49.55~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1034.35
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1014.15
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1053.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1039.42
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2021 Canonical Ltd.
2021-01-19
2021-01-19
吴异
CVE-2021-3178
mdeslaur> security relevance is disputed
CVE-2021-31829 on Ubuntu 20.04 LTS (focal) - medium.
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2021-31829` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1029.30
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1029.30
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-06
2021-05-06
Piotr Krysiuk
CVE-2021-31829
CVE-2021-31916 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Dan Carpenter discovered that the block device manager (dm) implementation in the Linux kernel contained a buffer overflow in the ioctl for listing devices. A privileged local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-31916` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-04-30
2021-04-30
Dan Carpenter
CVE-2021-31916
CVE-2021-32399 on Ubuntu 20.04 LTS (focal) - medium.
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-32399` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1041.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1039.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-63.71~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1037.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1039.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-63.71~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1037.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-10
2021-05-10
CVE-2021-32399
CVE-2021-33033 on Ubuntu 20.04 LTS (focal) - medium.
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. It was discovered that the CIPSO implementation in the Linux kernel did not properly perform reference counting in some situations, leading to use-after-free vulnerabilities. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-33033` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-73.82
linux-image-5.4.0-153-generic-lpae - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-generic - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-73.82
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1043.46
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1039.40
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1045.49
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1035.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-73.82
linux-image-5.4.0-105-lowlatency - 5.4.0-73.82
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1048.50
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1047.49
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1043.46
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1043.45
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1039.40
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-14
2021-05-14
CVE-2021-33033
sbeattie> looks to be introduced primarily in d7cce01504a0; 1165affd484889d4986cf3b724318935a0b120d8 seems like an unrelated separate issue?
CVE-2021-33034 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-33034` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1041.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1039.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-63.71~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1037.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1039.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-63.71~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1037.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-14
2021-05-14
CVE-2021-33034
CVE-2021-33061 on Ubuntu 20.04 LTS (focal) - medium.
Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2021-33061` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-125.141
linux-image-5.4.0-153-generic-lpae - 5.4.0-125.141
linux-image-unsigned-5.4.0-153-generic - 5.4.0-125.141
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-125.141
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1084.91
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1090.95
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1090.95
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1087.95
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1081.87
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1052.55
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1032.36
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1049.56
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1082.90
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1069.79
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-125.141
linux-image-5.4.0-105-lowlatency - 5.4.0-125.141
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1084.91
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1090.95
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1090.95
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1045.50
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1087.95
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1081.87
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1052.55
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1032.36
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1049.56
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1082.90
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1017.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-02-09
2022-02-09
Asaf Modelevsky
https://bugzilla.suse.com/show_bug.cgi?id=1196426
CVE-2021-33061
sbeattie> may need two more commits according to the suse bug
rodrigo-zaiden> added the two commits mentioned in suse bug as they got merged upstream.
CVE-2021-33098 on Ubuntu 20.04 LTS (focal) - medium.
Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. Asaf Modelevsky discovered that the Intel(R) Ethernet ixgbe driver for the Linux kernel did not properly validate large MTU requests from Virtual Function (VF) devices. A local attacker could possibly use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2021-33098` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-80.90
linux-image-5.4.0-153-generic-lpae - 5.4.0-80.90
linux-image-unsigned-5.4.0-153-generic - 5.4.0-80.90
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-80.90
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1016.19
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1049.53
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1049.52
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1021.22
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1041.45
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-80.90
linux-image-5.4.0-105-lowlatency - 5.4.0-80.90
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1054.57
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1055.57
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1055.57
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1016.19
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1049.53
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1049.52
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1021.22
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1044.46
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1052.56
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-11-17
2021-11-17
Asaf Modelevsky
CVE-2021-33098
seth-arnold> We don't yet know if this affects Ubuntu Linux.
CVE-2021-33200 on Ubuntu 20.04 LTS (focal) - high.
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-33200` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-05-27
2021-05-27
cascardo
Piotr Krysiuk
CVE-2021-33200
CVE-2021-3326 on Ubuntu 20.04 LTS (focal) - low.
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2021-3326` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9.7
libc-bin - 2.31-0ubuntu9.7
libc6 - 2.31-0ubuntu9.7
libc6-amd64 - 2.31-0ubuntu9.7
libc6-armel - 2.31-0ubuntu9.7
libc6-i386 - 2.31-0ubuntu9.7
libc6-lse - 2.31-0ubuntu9.7
libc6-pic - 2.31-0ubuntu9.7
libc6-prof - 2.31-0ubuntu9.7
libc6-s390 - 2.31-0ubuntu9.7
libc6-x32 - 2.31-0ubuntu9.7
locales - 2.31-0ubuntu9.7
locales-all - 2.31-0ubuntu9.7
nscd - 2.31-0ubuntu9.7
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-01-27
2021-01-27
Tavis Ormandy
https://sourceware.org/bugzilla/show_bug.cgi?id=27256
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981198
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1929105
CVE-2021-3326
CVE-2021-3347 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3347` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-67.75
linux-image-5.4.0-153-generic-lpae - 5.4.0-67.75
linux-image-unsigned-5.4.0-153-generic - 5.4.0-67.75
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-67.75
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1037.39
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1011.12
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-49.55~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-49.55~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-49.55~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-49.55~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-49.55~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1039.42
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1030.33
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-22.24~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-67.75
linux-image-5.4.0-105-lowlatency - 5.4.0-67.75
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1039.41
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1041.43
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1041.43
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1037.39
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1011.12
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-49.55~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-49.55~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-49.55~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1034.35
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1039.42
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-01-29
2021-01-29
CVE-2021-3347
sbeattie> the commits with no breaks entries are prerequisite fixes for the final patch.
CVE-2021-3348 on Ubuntu 20.04 LTS (focal) - medium.
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. It was discovered that the network block device (nbd) driver in the Linux kernel contained a use-after-free vulnerability during device setup. A local attacker with access to the nbd device could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3348` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-71.79
linux-image-5.4.0-153-generic-lpae - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-generic - 5.4.0-71.79
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-71.79
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-49.55~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-49.55~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-49.55~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-49.55~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-49.55~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1037.38
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1042.45
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1033.36
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-22.24~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-71.79
linux-image-5.4.0-105-lowlatency - 5.4.0-71.79
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1043.45
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1044.46
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1044.46
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1041.43
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1013.14
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-49.55~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-49.55~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-49.55~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1037.38
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1042.45
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-02-01
2021-02-01
ADLab of venustech
CVE-2021-3348
CVE-2021-33624 on Ubuntu 20.04 LTS (focal) - medium.
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-33624` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-88.99
linux-image-5.4.0-153-generic-lpae - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-generic - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-88.99
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1053.57
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1053.56
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1005.6
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1055.59
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1044.48
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-88.99
linux-image-5.4.0-105-lowlatency - 5.4.0-88.99
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1057.60
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1059.62
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1053.57
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1053.56
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1005.6
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1047.49
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1055.59
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-23
2021-06-23
cascardo
Ofek Kirzner, Adam Morrison, Benedict Schlueter, Piotr Krysiuk
CVE-2021-33624
alexmurray> According to the oss-sec post 9183671af6dbf60a1219371d4ed73e23f43b49db is the main patch which is needed but I suspect we should take all 4
CVE-2021-33655 on Ubuntu 20.04 LTS (focal) - medium.
When sending malicious data to the kernel via the ioctl cmd FBIOPUT_VSCREENINFO, the kernel will write memory out of bounds. It was discovered that the framebuffer driver in the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-33655` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-126.142
linux-image-5.4.0-153-generic-lpae - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-generic - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-126.142
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1085.92
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1033.37
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1049.56
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1083.91
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1070.80
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-126.142
linux-image-5.4.0-105-lowlatency - 5.4.0-126.142
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1085.92
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1046.51
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1033.37
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1075.80
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1049.56
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1083.91
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1018.23~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-18
2022-07-18
CVE-2021-33655
CVE-2021-33656 on Ubuntu 20.04 LTS (focal) - medium.
When setting a font with malicious data via the ioctl cmd PIO_FONT, the kernel will write memory out of bounds. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-33656` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-125.141
linux-image-5.4.0-153-generic-lpae - 5.4.0-125.141
linux-image-unsigned-5.4.0-153-generic - 5.4.0-125.141
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-125.141
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1084.91
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1090.95
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1090.95
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1087.95
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1081.87
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1052.55
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1032.36
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1082.90
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1069.79
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-125.141
linux-image-5.4.0-105-lowlatency - 5.4.0-125.141
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1084.91
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1090.95
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1090.95
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1045.50
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1087.95
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1081.87
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1052.55
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1032.36
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1082.90
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-18
2022-07-18
CVE-2021-33656
CVE-2021-33909 on Ubuntu 20.04 LTS (focal) - high.
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-33909` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-80.90
linux-image-5.4.0-153-generic-lpae - 5.4.0-80.90
linux-image-unsigned-5.4.0-153-generic - 5.4.0-80.90
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-80.90
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1014.15~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1041.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1039.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1016.19
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1049.53
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1014.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1049.52
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1021.22
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-25.27~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-25.27~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-25.27~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-25.27~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-25.27~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-63.71~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1037.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1041.45
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-80.90
linux-image-5.4.0-105-lowlatency - 5.4.0-80.90
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1054.57
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1055.57
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1012.13~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1039.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1055.57
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1016.19
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1049.53
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1014.16~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1049.52
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1021.22
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-25.27~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-25.27~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-25.27~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-63.71~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1044.46
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1052.56
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1037.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-07-20
2021-07-20
cascardo
2021-07-20
CVE-2021-33909
CVE-2021-3392 on Ubuntu 20.04 LTS (focal) - low.
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests when, in the case of an error, mptsas_free_request() does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
Update Instructions:
Run `sudo pro fix CVE-2021-3392` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.17
qemu-block-extra - 1:4.2-3ubuntu6.17
qemu-guest-agent - 1:4.2-3ubuntu6.17
qemu-kvm - 1:4.2-3ubuntu6.17
qemu-system - 1:4.2-3ubuntu6.17
qemu-system-arm - 1:4.2-3ubuntu6.17
qemu-system-common - 1:4.2-3ubuntu6.17
qemu-system-data - 1:4.2-3ubuntu6.17
qemu-system-gui - 1:4.2-3ubuntu6.17
qemu-system-mips - 1:4.2-3ubuntu6.17
qemu-system-misc - 1:4.2-3ubuntu6.17
qemu-system-ppc - 1:4.2-3ubuntu6.17
qemu-system-s390x - 1:4.2-3ubuntu6.17
qemu-system-sparc - 1:4.2-3ubuntu6.17
qemu-system-x86 - 1:4.2-3ubuntu6.17
qemu-system-x86-microvm - 1:4.2-3ubuntu6.17
qemu-system-x86-xen - 1:4.2-3ubuntu6.17
qemu-user - 1:4.2-3ubuntu6.17
qemu-user-binfmt - 1:4.2-3ubuntu6.17
qemu-user-static - 1:4.2-3ubuntu6.17
qemu-utils - 1:4.2-3ubuntu6.17
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-03-23
2021-03-23
Cheolwoo Myung
https://bugs.launchpad.net/qemu/+bug/1914236
CVE-2021-3392
CVE-2021-3409 on Ubuntu 20.04 LTS (focal) - medium.
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
Update Instructions:
Run `sudo pro fix CVE-2021-3409` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.17
qemu-block-extra - 1:4.2-3ubuntu6.17
qemu-guest-agent - 1:4.2-3ubuntu6.17
qemu-kvm - 1:4.2-3ubuntu6.17
qemu-system - 1:4.2-3ubuntu6.17
qemu-system-arm - 1:4.2-3ubuntu6.17
qemu-system-common - 1:4.2-3ubuntu6.17
qemu-system-data - 1:4.2-3ubuntu6.17
qemu-system-gui - 1:4.2-3ubuntu6.17
qemu-system-mips - 1:4.2-3ubuntu6.17
qemu-system-misc - 1:4.2-3ubuntu6.17
qemu-system-ppc - 1:4.2-3ubuntu6.17
qemu-system-s390x - 1:4.2-3ubuntu6.17
qemu-system-sparc - 1:4.2-3ubuntu6.17
qemu-system-x86 - 1:4.2-3ubuntu6.17
qemu-system-x86-microvm - 1:4.2-3ubuntu6.17
qemu-system-x86-xen - 1:4.2-3ubuntu6.17
qemu-user - 1:4.2-3ubuntu6.17
qemu-user-binfmt - 1:4.2-3ubuntu6.17
qemu-user-static - 1:4.2-3ubuntu6.17
qemu-utils - 1:4.2-3ubuntu6.17
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-23
2021-03-23
https://bugzilla.redhat.com/show_bug.cgi?id=1928146
https://bugs.launchpad.net/qemu/+bug/1909418
CVE-2021-3409
CVE-2021-3428 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. By fabricating an integer overflow, a local attacker with a special user privilege may cause a system crash, which can lead to an availability threat. Wolfgang Frisch discovered that the ext4 file system implementation in the Linux kernel contained an integer overflow when handling metadata inode extents. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-3428` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-90.101
linux-image-5.4.0-153-generic-lpae - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-generic - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-90.101
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1021.24
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1007.8
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-90.101
linux-image-5.4.0-105-lowlatency - 5.4.0-90.101
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1059.62
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1063.66
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1055.58
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1007.8
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1049.51
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-03-15
2021-03-15
Wolfgang Frisch
https://bugzilla.suse.com/show_bug.cgi?id=1173485
https://bugzilla.redhat.com/show_bug.cgi?id=1936786
CVE-2021-3428
CVE-2021-3444 on Ubuntu 20.04 LTS (focal) - high.
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3444` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-70.78
linux-image-5.4.0-153-generic-lpae - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-generic - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-70.78
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1040.43
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1036.37
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1019.20
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1052.56
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1032.35
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-20.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-70.78
linux-image-5.4.0-105-lowlatency - 5.4.0-70.78
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1041.43
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1043.45
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1040.43
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1039.41
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1036.37
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1019.20
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1052.56
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-03-23
2021-03-23
cascardo
De4dCr0w of 360 Alpha Lab
2021-03-23
CVE-2021-3444
sbeattie> both f6b1b3bf0d5f681631a293cfe1ca934b81716f1e and 468f6eafa6c4 are needed for a system to be vulnerable. e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 is likely needed as a prerequisite fix as well
CVE-2021-3449 on Ubuntu 20.04 LTS (focal) - high.
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Update Instructions:
Run `sudo pro fix CVE-2021-3449` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.3
openssl - 1.1.1f-1ubuntu2.3
No subscription required
libecpg-compat3 - 12.8-0ubuntu0.20.04.1
libecpg6 - 12.8-0ubuntu0.20.04.1
libpgtypes3 - 12.8-0ubuntu0.20.04.1
libpq5 - 12.8-0ubuntu0.20.04.1
postgresql-12 - 12.8-0ubuntu0.20.04.1
postgresql-client-12 - 12.8-0ubuntu0.20.04.1
postgresql-plperl-12 - 12.8-0ubuntu0.20.04.1
postgresql-plpython3-12 - 12.8-0ubuntu0.20.04.1
postgresql-pltcl-12 - 12.8-0ubuntu0.20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-03-25
2021-03-25
mdeslaur
2021-03-25
CVE-2021-3449
mdeslaur> does not affect 1.0.2 edk2 doesn't implement a server, so not vulnerable to this issue
CVE-2021-34556 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. Benedict Schlueter discovered that the BPF subsystem in the Linux kernel did not properly protect against Speculative Store Bypass (SSB) side-channel attacks in some situations. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-34556` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-90.101
linux-image-5.4.0-153-generic-lpae - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-generic - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-90.101
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1021.24
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1007.8
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-90.101
linux-image-5.4.0-105-lowlatency - 5.4.0-90.101
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1059.62
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1063.66
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1055.58
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1007.8
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1049.51
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-02
2021-08-02
Benedict Schlueter
CVE-2021-34556
CVE-2021-34557 on Ubuntu 20.04 LTS (focal) - medium.
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-10
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989508
CVE-2021-34557
CVE-2021-34693 on Ubuntu 20.04 LTS (focal) - low.
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2021-34693` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-81.91
linux-image-5.4.0-153-generic-lpae - 5.4.0-81.91
linux-image-unsigned-5.4.0-153-generic - 5.4.0-81.91
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-81.91
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1051.55
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1051.54
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1022.23
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1045.47
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1053.57
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1042.46
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1018.19~20.04.2
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-81.91
linux-image-5.4.0-105-lowlatency - 5.4.0-81.91
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1055.58
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1056.58
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1056.58
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1051.55
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1051.54
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1022.23
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1045.47
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1053.57
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-06-14
2021-06-14
Norbert Slusarek
CVE-2021-34693
CVE-2021-3483 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected. 马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3483` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-26.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-55.62~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-55.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-04-07
2021-04-07
马哲宇
CVE-2021-3483
CVE-2021-3489 on Ubuntu 20.04 LTS (focal) - high.
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1). Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3489` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1026.27
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1026.27
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-05-11
2021-05-11
Cascardo
Ryota Shiga
2021-05-11
CVE-2021-3489
sbeattie> introduced in v5.8-rc1
CVE-2021-3490 on Ubuntu 20.04 LTS (focal) - high.
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out-of-bounds reads and writes in the Linux kernel and, therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf: Fix a verifier failure with xor") (5.10-rc1). Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3490` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1026.27
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1026.27
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-05-11
2021-05-11
cascardo
Manfred Paul
2021-05-11
CVE-2021-3490
sbeattie> introduced in v5.7-rc1
CVE-2021-3491 on Ubuntu 20.04 LTS (focal) - high.
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1). Billy Jheng Bing-Jhong discovered that the io_uring implementation of the Linux kernel did not properly enforce the MAX_RW_COUNT limit in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3491` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1026.27
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-25.27~20.04.1
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-53.60~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-53.60~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1026.27
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-05-11
2021-05-11
cascardo
Billy Jheng Bing-Jhong (@st424204) of STAR Labs working with Trend Micro's Zero Day Initiative
2021-05-11
CVE-2021-3491
CVE-2021-3492 on Ubuntu 20.04 LTS (focal) - high.
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user(). These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux kernel did not properly handle faults in copy_from_user() when passing through ioctls to an underlying file system. A local attacker could use this to cause a denial of service (memory exhaustion) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3492` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-72.80
linux-image-5.4.0-153-generic-lpae - 5.4.0-72.80
linux-image-unsigned-5.4.0-153-generic - 5.4.0-72.80
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-72.80
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1045.47
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1042.45
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1042.44
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1014.15
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-50.56~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-50.56~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-50.56~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-50.56~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1038.39
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1022.23
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1054.58
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1043.46
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1034.37
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-22.24~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-72.80
linux-image-5.4.0-105-lowlatency - 5.4.0-72.80
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1045.47
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1046.48
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1042.45
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1042.44
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1014.15
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-50.56~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-50.56~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1038.39
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1022.23
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1054.58
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1043.46
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-04-15
2021-04-15
cascardo
Vincent Dehors
2021-04-15
CVE-2021-3492
CVE-2021-3493 on Ubuntu 20.04 LTS (focal) - high.
The overlayfs implementation in the Linux kernel did not properly validate, with respect to user namespaces, the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges.
Update Instructions:
Run `sudo pro fix CVE-2021-3493` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-72.80
linux-image-5.4.0-153-generic-lpae - 5.4.0-72.80
linux-image-unsigned-5.4.0-153-generic - 5.4.0-72.80
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-72.80
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1045.47
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1042.45
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1042.44
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1014.15
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-50.56~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-50.56~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-50.56~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-50.56~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1038.39
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1022.23
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1054.58
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1043.46
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1034.37
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-22.24~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-72.80
linux-image-5.4.0-105-lowlatency - 5.4.0-72.80
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1045.47
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1046.48
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1042.45
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1042.44
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1014.15
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-50.56~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-50.56~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1038.39
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1022.23
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1054.58
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1043.46
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-04-15
2021-04-15
cascardo
2021-04-15
CVE-2021-3493
sbeattie> issue is specific to Ubuntu or any other distribution that patched the kernel to allow unprivileged overlay mounts, prior to the 5.11 commit (459c7c565ac36b) that permits it upstream.
CVE-2021-3501 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. Reiji Watanabe discovered that the KVM VMX implementation in the Linux kernel did not properly prevent user space from tampering with an array index value, leading to a potential out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3501` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1029.30
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1029.30
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-06
2021-05-06
Reiji Watanabe
CVE-2021-3501
CVE-2021-35039 on Ubuntu 20.04 LTS (focal) - low.
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument. It was discovered that Linux kernel improperly reported successful module signature verification when the kernel build configuration option CONFIG_MODULE_SIG is unset. An attacker with the ability to load kernel modules could possibly use this to load an unsigned module, despite runtime configuration to require module signature verification. Ubuntu kernels are configured with CONFIG_MODULE_SIG enabled.
Update Instructions:
Run `sudo pro fix CVE-2021-35039` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1004.5
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1004.5
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-07-07
CVE-2021-35039
sbeattie> CONFIG_MODULE_SIG has been enabled in Ubuntu kernels at least as early as Ubuntu 14.04 LTS, so should not be affected.
CVE-2021-3506 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-3506` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1041.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1039.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-63.71~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-63.71~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1037.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1039.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-63.71~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-63.71~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1037.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-04-19
2021-04-19
CVE-2021-3506
CVE-2021-3507 on Ubuntu 20.04 LTS (focal) - low.
A heap buffer overflow was found in the floppy disk emulator of QEMU up to and including 6.0.0. It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a DoS scenario or potential information leakage from the host memory.
Update Instructions:
Run `sudo pro fix CVE-2021-3507` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.23
qemu-block-extra - 1:4.2-3ubuntu6.23
qemu-guest-agent - 1:4.2-3ubuntu6.23
qemu-kvm - 1:4.2-3ubuntu6.23
qemu-system - 1:4.2-3ubuntu6.23
qemu-system-arm - 1:4.2-3ubuntu6.23
qemu-system-common - 1:4.2-3ubuntu6.23
qemu-system-data - 1:4.2-3ubuntu6.23
qemu-system-gui - 1:4.2-3ubuntu6.23
qemu-system-mips - 1:4.2-3ubuntu6.23
qemu-system-misc - 1:4.2-3ubuntu6.23
qemu-system-ppc - 1:4.2-3ubuntu6.23
qemu-system-s390x - 1:4.2-3ubuntu6.23
qemu-system-sparc - 1:4.2-3ubuntu6.23
qemu-system-x86 - 1:4.2-3ubuntu6.23
qemu-system-x86-microvm - 1:4.2-3ubuntu6.23
qemu-system-x86-xen - 1:4.2-3ubuntu6.23
qemu-user - 1:4.2-3ubuntu6.23
qemu-user-binfmt - 1:4.2-3ubuntu6.23
qemu-user-static - 1:4.2-3ubuntu6.23
qemu-utils - 1:4.2-3ubuntu6.23
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-05-06
2021-05-06
mdeslaur
Alexander Bulekov
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987410
https://bugzilla.redhat.com/show_bug.cgi?id=1951118
CVE-2021-3507
CVE-2021-3527 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2021-3527` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.17
qemu-block-extra - 1:4.2-3ubuntu6.17
qemu-guest-agent - 1:4.2-3ubuntu6.17
qemu-kvm - 1:4.2-3ubuntu6.17
qemu-system - 1:4.2-3ubuntu6.17
qemu-system-arm - 1:4.2-3ubuntu6.17
qemu-system-common - 1:4.2-3ubuntu6.17
qemu-system-data - 1:4.2-3ubuntu6.17
qemu-system-gui - 1:4.2-3ubuntu6.17
qemu-system-mips - 1:4.2-3ubuntu6.17
qemu-system-misc - 1:4.2-3ubuntu6.17
qemu-system-ppc - 1:4.2-3ubuntu6.17
qemu-system-s390x - 1:4.2-3ubuntu6.17
qemu-system-sparc - 1:4.2-3ubuntu6.17
qemu-system-x86 - 1:4.2-3ubuntu6.17
qemu-system-x86-microvm - 1:4.2-3ubuntu6.17
qemu-system-x86-xen - 1:4.2-3ubuntu6.17
qemu-user - 1:4.2-3ubuntu6.17
qemu-user-binfmt - 1:4.2-3ubuntu6.17
qemu-user-static - 1:4.2-3ubuntu6.17
qemu-utils - 1:4.2-3ubuntu6.17
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-05-26
2021-05-26
Remy Noel
CVE-2021-3527
CVE-2021-3543 on Ubuntu 20.04 LTS (focal) - medium.
A null pointer dereference flaw was found in the Nitro Enclaves kernel driver in the way that Enclaves VMs force closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system. Mathias Krause discovered that a null pointer dereference existed in the Nitro Enclaves kernel driver of the Linux kernel. A local attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3543` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1064.67
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-01
2021-06-01
CVE-2021-3543
CVE-2021-35477 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly protect against Speculative Store Bypass (SSB) side-channel attacks in some situations. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-35477` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-90.101
linux-image-5.4.0-153-generic-lpae - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-generic - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-90.101
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1021.24
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1007.8
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-90.101
linux-image-5.4.0-105-lowlatency - 5.4.0-90.101
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1059.62
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1063.66
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1055.58
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1007.8
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1049.51
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-02
2021-08-02
Piotr Krysiuk
CVE-2021-35477
CVE-2021-3564 on Ubuntu 20.04 LTS (focal) - medium.
A double-free memory corruption flaw was found in the Linux kernel HCI device initialization subsystem in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. It was discovered that the Bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3564` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-81.91
linux-image-5.4.0-153-generic-lpae - 5.4.0-81.91
linux-image-unsigned-5.4.0-153-generic - 5.4.0-81.91
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-81.91
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1042.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1040.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1051.55
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1051.54
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1022.23
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1045.47
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1053.57
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1038.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1042.46
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-81.91
linux-image-5.4.0-105-lowlatency - 5.4.0-81.91
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1055.58
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1056.58
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1040.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1056.58
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1051.55
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1039.41
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1051.54
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1022.23
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1045.47
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1053.57
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1038.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-08
2021-06-08
CVE-2021-3564
CVE-2021-3573 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free in the function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user calls the ioctl HCIUNBLOCKADDR or otherwise triggers a race condition between the call hci_unregister_dev() and one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.13-rc5. It was discovered that the Bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3573` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-81.91
linux-image-5.4.0-153-generic-lpae - 5.4.0-81.91
linux-image-unsigned-5.4.0-153-generic - 5.4.0-81.91
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-81.91
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1042.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1040.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1051.55
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1051.54
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1022.23
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1045.47
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1053.57
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1038.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1042.46
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-81.91
linux-image-5.4.0-105-lowlatency - 5.4.0-81.91
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1055.58
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1056.58
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1040.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1056.58
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1051.55
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1039.41
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1051.54
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1022.23
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1045.47
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1053.57
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1038.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-06
2021-06-06
2021-06-06
CVE-2021-3573
CVE-2021-35942 on Ubuntu 20.04 LTS (focal) - low.
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
Update Instructions:
Run `sudo pro fix CVE-2021-35942` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9.7
libc-bin - 2.31-0ubuntu9.7
libc6 - 2.31-0ubuntu9.7
libc6-amd64 - 2.31-0ubuntu9.7
libc6-armel - 2.31-0ubuntu9.7
libc6-i386 - 2.31-0ubuntu9.7
libc6-lse - 2.31-0ubuntu9.7
libc6-pic - 2.31-0ubuntu9.7
libc6-prof - 2.31-0ubuntu9.7
libc6-s390 - 2.31-0ubuntu9.7
libc6-x32 - 2.31-0ubuntu9.7
locales - 2.31-0ubuntu9.7
locales-all - 2.31-0ubuntu9.7
nscd - 2.31-0ubuntu9.7
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-07-22
2021-07-22
Philippe Antoine
https://sourceware.org/bugzilla/show_bug.cgi?id=28011
CVE-2021-35942
CVE-2021-3600 on Ubuntu 20.04 LTS (focal) - high.
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32-bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3600` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-70.78
linux-image-5.4.0-153-generic-lpae - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-generic - 5.4.0-70.78
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-70.78
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1040.43
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1036.37
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1041.44
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1032.35
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-20.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-70.78
linux-image-5.4.0-105-lowlatency - 5.4.0-70.78
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1041.43
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1043.45
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1043.45
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1040.43
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1039.41
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1012.13
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-48.54~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1036.37
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1017.18
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1041.44
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-06-22
2021-06-22
2021-06-22
CVE-2021-3600
sbeattie> 4.15 kernels the only ubuntu kernels that have not yet had the fix applied for 4.15 kernels, f6b1b3bf0d5f ("bpf: fix subprog verifier bypass by div/mod by 0 exception") is needed as a prerequisite but introduces CVE-2021-3444
cascardo> Commit f1174f77b50c is also necessary to exploit, and is not present on 4.4 kernels.
CVE-2021-3609 on Ubuntu 20.04 LTS (focal) - high.
A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3609` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1014.15~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1016.19
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1014.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1033.34
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1012.16
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1012.13~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1016.19
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1014.16~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1044.46
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1033.34
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1012.16
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-06-21
2021-06-21
cascardo
Norbert Slusarek
https://launchpad.net/bugs/1932209
https://launchpad.net/bugs/1931855
CVE-2021-3609
cascardo> On 4.4 kernels, a CAN device needs to be present. Otherwise, a virtual device cannot be created without manually loading vcan module.
CVE-2021-3612 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered.
Update Instructions:
Run `sudo pro fix CVE-2021-3612` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-84.94
linux-image-5.4.0-153-generic-lpae - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-generic - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-84.94
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1056.59
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1052.55
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1004.5
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1054.58
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1043.47
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1018.19~20.04.2
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-84.94
linux-image-5.4.0-105-lowlatency - 5.4.0-84.94
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1056.59
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1058.60
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1058.60
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1052.56
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1052.55
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1004.5
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1046.48
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1054.58
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-07-09
2021-07-09
Murray McAllister
CVE-2021-3612
CVE-2021-3635 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.
Update Instructions:
Run `sudo pro fix CVE-2021-3635` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-08-13
https://bugzilla.redhat.com/show_bug.cgi?id=1976946
https://bugzilla.suse.com/show_bug.cgi?id=1189169
CVE-2021-3635
sbeattie> likely requires privilege to exploit
CVE-2021-3638 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-03
https://bugzilla.redhat.com/show_bug.cgi?id=1979858
CVE-2021-3638
mdeslaur> introduced in qemu 4.0. As of 2022-09-12, the proposed patch has not been committed into the upstream tree
CVE-2021-3640 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem, in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition between the call to sco_conn_del() and the call to sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3640` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-97.110
linux-image-5.4.0-153-generic-lpae - 5.4.0-97.110
linux-image-unsigned-5.4.0-153-generic - 5.4.0-97.110
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-97.110
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1063.67
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1032.33
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1013.14
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1054.56
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1013.13
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1062.66
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1052.58
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-97.110
linux-image-5.4.0-105-lowlatency - 5.4.0-97.110
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1064.67
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1068.71
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1068.71
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1026.29
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1063.67
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1061.64
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1032.33
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1013.14
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1054.56
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1013.13
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1062.66
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-07-18
2021-07-18
2021-07-18
https://bugzilla.redhat.com/show_bug.cgi?id=1980646
https://bugzilla.suse.com/show_bug.cgi?id=1188172
CVE-2021-3640
sbeattie> Possibly addressed by Desmond Cheong Zhi Xi's patchset. May need additional prerequisite commits.
CVE-2021-3653 on Ubuntu 20.04 LTS (focal) - high.
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory.
Update Instructions:
Run `sudo pro fix CVE-2021-3653` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-84.94
linux-image-5.4.0-153-generic-lpae - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-generic - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-84.94
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1056.59
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1041.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1052.55
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1004.5
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1045.47
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1012.16
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1054.58
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1018.19~20.04.2
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-84.94
linux-image-5.4.0-105-lowlatency - 5.4.0-84.94
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1056.59
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1058.60
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1041.44~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1058.60
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1052.56
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1052.55
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1004.5
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1046.48
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1045.47
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1012.16
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1054.58
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-08-16
2021-08-16
cascardo
Maxim Levitsky
2021-08-16
CVE-2021-3653
cascardo> trusty libvirt/qemu does not create nested capable VMs by default
CVE-2021-3655 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2021-3655` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-91.102
linux-image-5.4.0-153-generic-lpae - 5.4.0-91.102
linux-image-unsigned-5.4.0-153-generic - 5.4.0-91.102
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-91.102
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1060.63
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1022.25
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1058.62
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1056.59
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1027.28
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-41.45~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-41.45~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-41.45~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-41.45~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-41.45~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-22.22~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-22.22~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-22.22~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-22.22~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-22.22~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1008.9
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1050.52
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1020.24
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1058.62
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1047.52
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-91.102
linux-image-5.4.0-105-lowlatency - 5.4.0-91.102
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1060.63
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1064.67
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1064.67
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1022.25
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1058.62
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1023.25~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1056.59
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1027.28
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-41.45~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-41.45~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-41.45~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-22.22~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-22.22~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-22.22~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1050.52
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1020.24
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1058.62
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-05
2021-08-05
Ilja Van Sprundel
https://bugzilla.redhat.com/show_bug.cgi?id=1984024
https://bugzilla.suse.com/show_bug.cgi?id=1188563
CVE-2021-3655
sbeattie> original patch set introduced a bug, 557fb5862c9272ad9b21407afe1da8acfd9b53eb is needed to fix it
CVE-2021-3656 on Ubuntu 20.04 LTS (focal) - high.
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory.
Update Instructions:
Run `sudo pro fix CVE-2021-3656` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-84.94
linux-image-5.4.0-153-generic-lpae - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-generic - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-84.94
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1056.59
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1041.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1052.55
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1004.5
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1045.47
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1012.16
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1054.58
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1018.19~20.04.2
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-84.94
linux-image-5.4.0-105-lowlatency - 5.4.0-84.94
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1056.59
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1058.60
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1041.44~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1058.60
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1052.56
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1052.55
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1004.5
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1046.48
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1045.47
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1012.16
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1054.58
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-08-16
2021-08-16
cascardo
Maxim Levitsky and Paolo Bonzini
2021-08-16
CVE-2021-3656
CVE-2021-3659 on Ubuntu 20.04 LTS (focal) - medium.
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. It was discovered that the IEEE 802.15.4 wireless network subsystem in the Linux kernel did not properly handle certain error conditions, leading to a null pointer dereference vulnerability. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-3659` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-74.83
linux-image-5.4.0-153-generic-lpae - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-generic - 5.4.0-74.83
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-74.83
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1038.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1012.15
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1044.47
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1040.41
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1046.50
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1036.39
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-29.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-74.83
linux-image-5.4.0-105-lowlatency - 5.4.0-74.83
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1049.51
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1048.50
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1036.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1012.15
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1044.47
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1044.46
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1016.17
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-59.66~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-59.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1040.41
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1025.26
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1033.34~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-22
2022-08-22
https://bugzilla.redhat.com/show_bug.cgi?id=1975949
CVE-2021-3659
CVE-2021-3669 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2021-3669` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-146.163
linux-image-5.4.0-153-generic-lpae - 5.4.0-146.163
linux-image-unsigned-5.4.0-153-generic - 5.4.0-146.163
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-146.163
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1099.107
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1105.111
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1105.111
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1060.66
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1102.111
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1096.103
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1066.70
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1088.94
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1098.107
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1082.93
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-146.163
linux-image-5.4.0-105-lowlatency - 5.4.0-146.163
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1099.107
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1105.111
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1105.111
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1060.66
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1102.111
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1096.103
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1066.70
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1046.51
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1088.94
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1098.107
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1023.27
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-08-26
2022-08-26
https://bugzilla.redhat.com/show_bug.cgi?id=1986473
https://bugzilla.suse.com/show_bug.cgi?id=1188986
CVE-2021-3669
sbeattie> I think the issue is what is being addressed in the referenced lkml thread.
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.
CVE-2021-3679 on Ubuntu 20.04 LTS (focal) - low.
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way a user uses the trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources, causing denial of service. It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2021-3679` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-88.99
linux-image-5.4.0-153-generic-lpae - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-generic - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-88.99
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1053.57
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1053.56
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1005.6
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1055.59
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1044.48
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-88.99
linux-image-5.4.0-105-lowlatency - 5.4.0-88.99
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1057.60
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1059.62
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1053.57
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1053.56
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1005.6
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1047.49
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1055.59
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-08-05
2021-08-05
CVE-2021-3679
CVE-2021-3711 on Ubuntu 20.04 LTS (focal) - high.
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer by up to a maximum of 62 bytes, altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
Update Instructions:
Run `sudo pro fix CVE-2021-3711` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.8
openssl - 1.1.1f-1ubuntu2.8
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-08-24
2021-08-24
mdeslaur
John Ouyang
2021-08-24
CVE-2021-3711
CVE-2021-3712 on Ubuntu 20.04 LTS (focal) - medium.
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack).
It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
Update Instructions:
Run `sudo pro fix CVE-2021-3712` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
ovmf - 0~20191122.bd85bf54-2ubuntu3.3
qemu-efi - 0~20191122.bd85bf54-2ubuntu3.3
qemu-efi-aarch64 - 0~20191122.bd85bf54-2ubuntu3.3
qemu-efi-arm - 0~20191122.bd85bf54-2ubuntu3.3
No subscription required
libssl1.1 - 1.1.1f-1ubuntu2.8
openssl - 1.1.1f-1ubuntu2.8
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-24
2021-08-24
Ingo Schwarze
2021-08-24
CVE-2021-3712
mdeslaur> in 1.0.2, this bug is in X509_CERT_AUX_print()
list of commits below is incomplete
CVE-2021-3715 on Ubuntu 20.04 LTS (focal) - high.
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Update Instructions:
Run `sudo pro fix CVE-2021-3715` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-24.28
linux-image-5.4.0-153-generic-lpae - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-generic - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-24.28
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1009.9
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1009.9
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1008.8
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-24.28
linux-image-5.4.0-105-lowlatency - 5.4.0-24.28
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1008.8
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1009.9
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1009.9
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1008.8
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1007.7
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1008.8
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-03-02
CVE-2021-3715
CVE-2021-37159 on Ubuntu 20.04 LTS (focal) - low.
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-37159` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-91.102
linux-image-5.4.0-153-generic-lpae - 5.4.0-91.102
linux-image-unsigned-5.4.0-153-generic - 5.4.0-91.102
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-91.102
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1060.63
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1022.25
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1058.62
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1056.59
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1027.28
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1050.52
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1058.62
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1047.52
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-91.102
linux-image-5.4.0-105-lowlatency - 5.4.0-91.102
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1060.63
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1064.67
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1064.67
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1022.25
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1058.62
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1056.59
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1027.28
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1050.52
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1058.62
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-07-21
2021-07-21
CVE-2021-37159
CVE-2021-3732 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible. Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-3732` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-89.100
linux-image-5.4.0-153-generic-lpae - 5.4.0-89.100
linux-image-unsigned-5.4.0-153-generic - 5.4.0-89.100
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-89.100
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1058.61
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1020.21~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1020.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1056.60
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1025.26
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1006.7
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1056.60
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-89.100
linux-image-5.4.0-105-lowlatency - 5.4.0-89.100
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1058.61
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1062.65
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1062.65
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1020.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1056.60
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1025.26
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1006.7
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1048.50
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1056.60
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-27
2021-08-27
Alois Wohlschlager
CVE-2021-3732
CVE-2021-3739 on Ubuntu 20.04 LTS (focal) - low.
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. It was discovered that the btrfs file system in the Linux kernel did not properly handle removing a non-existent device id. An attacker with CAP_SYS_ADMIN could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2021-3739` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-90.101
linux-image-5.4.0-153-generic-lpae - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-generic - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-90.101
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1020.21~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1021.24
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1007.8
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1017.21
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-90.101
linux-image-5.4.0-105-lowlatency - 5.4.0-90.101
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1059.62
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1063.66
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1055.58
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1007.8
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1049.51
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1017.21
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-08-27
2021-08-27
butt3rflyh4ck
CVE-2021-3739
CVE-2021-3743 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. It was discovered that the Qualcomm IPC Router protocol implementation in the Linux kernel did not properly validate metadata in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-3743` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-90.101
linux-image-5.4.0-153-generic-lpae - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-generic - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-90.101
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1020.21~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1021.24
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1007.8
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1017.21
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-90.101
linux-image-5.4.0-105-lowlatency - 5.4.0-90.101
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1059.62
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1063.66
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1055.58
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1007.8
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1049.51
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1017.21
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-25
2021-08-25
butt3rflyh4ck
CVE-2021-3743
CVE-2021-3744 on Ubuntu 20.04 LTS (focal) - low.
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808. It was discovered that the AMD Cryptographic Coprocessor (CCP) driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2021-3744` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-91.102
linux-image-5.4.0-153-generic-lpae - 5.4.0-91.102
linux-image-unsigned-5.4.0-153-generic - 5.4.0-91.102
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-91.102
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1060.63
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1022.25
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1058.62
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1056.59
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1027.28
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-41.45~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-41.45~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-41.45~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-41.45~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-41.45~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-22.22~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-22.22~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-22.22~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-22.22~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-22.22~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1008.9
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1050.52
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1020.24
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1058.62
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1047.52
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-91.102
linux-image-5.4.0-105-lowlatency - 5.4.0-91.102
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1060.63
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1064.67
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1064.67
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1022.25
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1058.62
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1023.25~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1056.59
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1027.28
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-41.45~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-41.45~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-41.45~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-22.22~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-22.22~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-22.22~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1050.52
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1020.24
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1058.62
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-09-15
2021-09-15
minihanshen(沈明航)
https://bugzilla.redhat.com/show_bug.cgi?id=2000627
CVE-2021-3744
CVE-2021-3752 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem, caused by a race condition when a user calls connect on a socket and disconnects simultaneously. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3752` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-97.110
linux-image-5.4.0-153-generic-lpae - 5.4.0-97.110
linux-image-unsigned-5.4.0-153-generic - 5.4.0-97.110
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-97.110
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1063.67
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1032.33
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1013.14
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1054.56
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1013.13
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1062.66
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1052.58
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-97.110
linux-image-5.4.0-105-lowlatency - 5.4.0-97.110
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1064.67
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1068.71
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1068.71
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1063.67
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1061.64
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1032.33
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1013.14
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1054.56
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1013.13
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1062.66
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-09-17
2021-09-17
Likang Luo
https://bugzilla.redhat.com/show_bug.cgi?id=1999544
CVE-2021-3752
sbeattie> this is more difficult to trigger due to the presence of 3af70b39fa2d415dc86c370e5b24ddb9fdacbd6f
CVE-2021-3753 on Ubuntu 20.04 LTS (focal) - medium.
A race condition was found in vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out-of-bounds read in vt because the write access to vc_mode is not protected by a lock in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. It was discovered that the virtual terminal (vt) device implementation in the Linux kernel contained a race condition in its ioctl handling that led to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-3753` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-90.101
linux-image-5.4.0-153-generic-lpae - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-generic - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-90.101
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1020.21~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1021.24
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1026.27
No subscription required
linux-image-unsigned-5.15.0-1023-gkeop - 5.15.0-1003.5~20.04.2
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1007.8
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1001.3
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1001.3
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1017.21
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1015.17~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-90.101
linux-image-5.4.0-105-lowlatency - 5.4.0-90.101
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1059.62
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1063.66
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1055.58
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.15.0-1023-gkeop - 5.15.0-1003.5~20.04.2
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1007.8
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1001.3
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1049.51
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1017.21
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1020.24
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-09-02
2021-09-02
CVE-2021-3753
CVE-2021-37576 on Ubuntu 20.04 LTS (focal) - medium.
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. Alexey Kardashevskiy discovered that the KVM implementation for PowerPC systems in the Linux kernel did not properly validate RTAS arguments in some situations. An attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-37576` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-88.99
linux-image-5.4.0-153-generic-lpae - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-generic - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-88.99
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1005.6
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-88.99
linux-image-5.4.0-105-lowlatency - 5.4.0-88.99
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1005.6
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-07-26
2021-07-26
Alexey Kardashevskiy
CVE-2021-37576
CVE-2021-3759 on Ubuntu 20.04 LTS (focal) - medium.
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. It was discovered that the Linux kernel did not properly account for the memory usage of certain IPC objects. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2021-3759` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-90.101
linux-image-5.4.0-153-generic-lpae - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-generic - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-90.101
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1021.22~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1021.24
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1022.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-40.44~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-40.44~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-40.44~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-40.44~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-40.44~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1007.8
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1017.21
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1046.50
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-90.101
linux-image-5.4.0-105-lowlatency - 5.4.0-90.101
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1059.62
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1063.66
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1022.24~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1055.58
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-40.44~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-40.44~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-40.44~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1007.8
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1049.51
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1017.21
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1057.61
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-09-02
2021-09-02
CVE-2021-3759
CVE-2021-3760 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-3760` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-92.103
linux-image-5.4.0-153-generic-lpae - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-generic - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-92.103
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1023.26
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-52-generic-lpae - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1010.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1048.53
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1024.25~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-92.103
linux-image-5.4.0-105-lowlatency - 5.4.0-92.103
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1061.64
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1065.68
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1057.60
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-generic-64k - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1010.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1008.8
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-10-26
2021-10-26
CVE-2021-3760
CVE-2021-3764 on Ubuntu 20.04 LTS (focal) - medium.
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. It was discovered that the AMD Cryptographic Coprocessor (CCP) driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2021-3764` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-91.102
linux-image-5.4.0-153-generic-lpae - 5.4.0-91.102
linux-image-unsigned-5.4.0-153-generic - 5.4.0-91.102
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-91.102
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1060.63
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1022.25
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1058.62
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1056.59
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1027.28
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-41.45~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-41.45~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-41.45~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-41.45~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-41.45~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-22.22~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-22.22~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-22.22~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-22.22~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-22.22~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1008.9
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1050.52
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1020.24
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1058.62
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1047.52
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-91.102
linux-image-5.4.0-105-lowlatency - 5.4.0-91.102
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1060.63
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1064.67
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1064.67
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1022.25
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1058.62
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1023.25~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1056.59
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1027.28
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-41.45~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-41.45~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-41.45~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-22.22~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-22.22~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-22.22~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1050.52
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1020.24
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1058.62
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1022.23~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-09-15
2021-09-15
minihanshen(沈明航)
https://bugzilla.redhat.com/show_bug.cgi?id=1997467
CVE-2021-3764
sbeattie> Red Hat asserts that the patch for CVE-2021-3744 contains the fix for CVE-2021-3764 as well.
CVE-2021-3772 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service (connection disassociation).
Update Instructions:
Run `sudo pro fix CVE-2021-3772` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1008.8
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-09-09
2021-09-09
https://bugzilla.redhat.com/show_bug.cgi?id=2000694
https://bugzilla.suse.com/show_bug.cgi?id=1190351
CVE-2021-3772
CVE-2021-3773 on Ubuntu 20.04 LTS (focal) - medium.
A flaw in netfilter could allow a network-connected attacker to infer OpenVPN connection endpoint information for further use in traditional network attacks.
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-02-16
https://bugzilla.redhat.com/show_bug.cgi?id=2004949
CVE-2021-3773
sbeattie> no identified fix in the upstream kernel as of 2022-01-27
CVE-2021-38160 on Ubuntu 20.04 LTS (focal) - medium.
** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior. It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-38160` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-88.99
linux-image-5.4.0-153-generic-lpae - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-generic - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-88.99
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1053.57
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1053.56
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1005.6
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1055.59
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1044.48
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-88.99
linux-image-5.4.0-105-lowlatency - 5.4.0-88.99
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1057.60
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1059.62
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1053.57
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1053.56
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1005.6
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1047.49
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1055.59
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-07
2021-08-07
CVE-2021-38160
CVE-2021-38166 on Ubuntu 20.04 LTS (focal) - medium.
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability. It was discovered that the BPF subsystem in the Linux kernel contained an integer overflow in its hash table implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-38166` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1020.21~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-07
2021-08-07
CVE-2021-38166
CVE-2021-38198 on Ubuntu 20.04 LTS (focal) - medium.
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault. It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2021-38198` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-89.100
linux-image-5.4.0-153-generic-lpae - 5.4.0-89.100
linux-image-unsigned-5.4.0-153-generic - 5.4.0-89.100
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-89.100
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1058.61
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1020.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1056.60
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1025.26
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1006.7
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1056.60
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-89.100
linux-image-5.4.0-105-lowlatency - 5.4.0-89.100
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1058.61
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1062.65
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1062.65
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1020.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1056.60
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1054.57
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1025.26
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1006.7
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1048.50
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1056.60
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-08
2021-08-08
CVE-2021-38198
CVE-2021-38199 on Ubuntu 20.04 LTS (focal) - medium.
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. Michael Wakabayashi discovered that the NFSv4 client implementation in the Linux kernel did not properly order connection setup operations. An attacker controlling a remote NFS server could use this to cause a denial of service on the client.
Update Instructions:
Run `sudo pro fix CVE-2021-38199` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-88.99
linux-image-5.4.0-153-generic-lpae - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-generic - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-88.99
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1053.57
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1053.56
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1005.6
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1055.59
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1044.48
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-88.99
linux-image-5.4.0-105-lowlatency - 5.4.0-88.99
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1057.60
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1059.62
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1053.57
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1053.56
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1005.6
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1047.49
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1055.59
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-08
2021-08-08
Michael Wakabayashi
CVE-2021-38199
CVE-2021-38200 on Ubuntu 20.04 LTS (focal) - low.
arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf record" command. It was discovered that the perf subsystem in the Linux kernel for the PowerPC architecture contained a null pointer dereference in some situations. An attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-38200` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1018.19~20.04.2
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-08-08
2021-08-08
CVE-2021-38200
CVE-2021-38201 on Ubuntu 20.04 LTS (focal) - medium.
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. It was discovered that the Sun RPC implementation in the Linux kernel contained an out-of-bounds access error. A remote attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-38201` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-08
2021-08-08
CVE-2021-38201
CVE-2021-38204 on Ubuntu 20.04 LTS (focal) - low.
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations. It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-38204` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-88.99
linux-image-5.4.0-153-generic-lpae - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-generic - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-88.99
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1053.57
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1053.56
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1005.6
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1055.59
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1044.48
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-88.99
linux-image-5.4.0-105-lowlatency - 5.4.0-88.99
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1057.60
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1059.62
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1053.57
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1053.56
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1005.6
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1047.49
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1055.59
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-08-08
2021-08-08
CVE-2021-38204
CVE-2021-38205 on Ubuntu 20.04 LTS (focal) - low.
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer). It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the Linux kernel could report pointer addresses in some situations. An attacker could use this information to ease the exploitation of another vulnerability.
Update Instructions:
Run `sudo pro fix CVE-2021-38205` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-89.100
linux-image-5.4.0-153-generic-lpae - 5.4.0-89.100
linux-image-unsigned-5.4.0-153-generic - 5.4.0-89.100
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-89.100
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1058.61
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1020.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1056.60
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1025.26
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1006.7
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1056.60
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-89.100
linux-image-5.4.0-105-lowlatency - 5.4.0-89.100
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1058.61
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1062.65
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1062.65
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1020.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1056.60
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1054.57
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1025.26
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1006.7
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1048.50
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1056.60
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-08-08
2021-08-08
CVE-2021-38205
sbeattie> in Ubuntu 21.04 and newer, dmesg is restricted to privileged users.
CVE-2021-38206 on Ubuntu 20.04 LTS (focal) - medium.
The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates. Ben Greear discovered that the mac80211 subsystem in the Linux kernel contained a null pointer dereference in some situations. A physically proximate attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-38206` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1018.19~20.04.2
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-08
2021-08-08
Ben Greear
CVE-2021-38206
CVE-2021-38207 on Ubuntu 20.04 LTS (focal) - medium.
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes. It was discovered that the Xilinx LL TEMAC device driver in the Linux kernel did not properly calculate the number of buffers to be used in certain situations. A remote attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-38207` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-81.91
linux-image-5.4.0-153-generic-lpae - 5.4.0-81.91
linux-image-unsigned-5.4.0-153-generic - 5.4.0-81.91
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-81.91
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1051.55
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1051.54
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1022.23
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1045.47
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1053.57
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1042.46
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1018.19~20.04.2
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-81.91
linux-image-5.4.0-105-lowlatency - 5.4.0-81.91
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1055.58
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1056.58
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1056.58
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1051.55
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1018.20~20.04.2
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1051.54
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1022.23
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1045.47
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1053.57
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-08
2021-08-08
CVE-2021-38207
CVE-2021-38208 on Ubuntu 20.04 LTS (focal) - medium.
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2021-38208` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-81.91
linux-image-5.4.0-153-generic-lpae - 5.4.0-81.91
linux-image-unsigned-5.4.0-153-generic - 5.4.0-81.91
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-81.91
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1042.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1040.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1051.55
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1051.54
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1022.23
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1045.47
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1053.57
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1038.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1042.46
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-81.91
linux-image-5.4.0-105-lowlatency - 5.4.0-81.91
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1055.58
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1056.58
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1040.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1056.58
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1051.55
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1017.19~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1039.41
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1051.54
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1022.23
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-34.36~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-34.36~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1045.47
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1038.40
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1053.57
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1016.17~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1038.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-08
2021-08-08
CVE-2021-38208
CVE-2021-38300 on Ubuntu 20.04 LTS (focal) - medium.
arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
Update Instructions:
Run `sudo pro fix CVE-2021-38300` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-52-generic-lpae - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-generic-64k - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-09-20
CVE-2021-38300
sbeattie> MIPS only break entry may be newer than c6610de353da5ca6, introduction of ebpf jit for MIPS.
CVE-2021-39634 on Ubuntu 20.04 LTS (focal) - medium.
In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-204450605. References: Upstream kernel.
Update Instructions:
Run `sudo pro fix CVE-2021-39634` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1030.31
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1030.32
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1023.26
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1030.31
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1032.33
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1032.33
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1030.32
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-01-14
CVE-2021-39634
CVE-2021-39636 on Ubuntu 20.04 LTS (focal) - medium.
In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120612905. References: Upstream kernel. It was discovered that the network packet filtering implementation in the Linux kernel did not properly initialize information in certain circumstances. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2021-39636` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-15
2021-12-15
CVE-2021-39636
CVE-2021-39648 on Ubuntu 20.04 LTS (focal) - medium.
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-160822094; References: Upstream kernel. It was discovered that the configfs interface for USB gadgets in the Linux kernel contained a race condition. A local attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2021-39648` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-67.75
linux-image-5.4.0-153-generic-lpae - 5.4.0-67.75
linux-image-unsigned-5.4.0-153-generic - 5.4.0-67.75
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-67.75
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1041.43
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1038.41
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1037.39
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1011.12
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1014.15
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1039.42
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1030.33
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-67.75
linux-image-5.4.0-105-lowlatency - 5.4.0-67.75
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1039.41
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1041.43
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1041.43
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1037.39
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1011.12
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1034.35
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1014.15
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1039.42
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-15
2021-12-15
CVE-2021-39648
CVE-2021-39656 on Ubuntu 20.04 LTS (focal) - medium.
In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-174049066; References: Upstream kernel.
Update Instructions:
Run `sudo pro fix CVE-2021-39656` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-73.82
linux-image-5.4.0-153-generic-lpae - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-generic - 5.4.0-73.82
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-73.82
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1011.14
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1043.46
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1043.45
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1039.40
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1045.49
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1035.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-73.82
linux-image-5.4.0-105-lowlatency - 5.4.0-73.82
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1048.50
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1047.49
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1047.49
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1011.14
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1043.46
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1043.45
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1015.16
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1039.40
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1021.22
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-15
CVE-2021-39656
CVE-2021-39685 on Ubuntu 20.04 LTS (focal) - medium.
In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-210292376; References: Upstream kernel. Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-39685` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-100.113
linux-image-5.4.0-153-generic-lpae - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-generic - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-100.113
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1028.31
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1065.69
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1015.16
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1064.68
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1053.60
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-100.113
linux-image-5.4.0-105-lowlatency - 5.4.0-100.113
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1066.69
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1070.73
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1065.69
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1063.66
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1015.16
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1056.58
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1064.68
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-16
2021-12-16
Szymon Heidrich
CVE-2021-39685
sbeattie> likely introduces subtle regression that needs f08adf5add9a ("USB: gadget: bRequestType is a bitfield, not a enum") to address
CVE-2021-39686 on Ubuntu 20.04 LTS (focal) - low.
In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-200688826; References: Upstream kernel.
Update Instructions:
Run `sudo pro fix CVE-2021-39686` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-100.113
linux-image-5.4.0-153-generic-lpae - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-generic - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-100.113
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1028.31
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1065.69
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1015.16
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1064.68
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1053.60
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-100.113
linux-image-5.4.0-105-lowlatency - 5.4.0-100.113
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1066.69
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1070.73
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1065.69
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1063.66
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1015.16
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1056.58
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1064.68
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-03-16
CVE-2021-39686
sbeattie> AppArmor is the default MAC LSM for Ubuntu, not SELinux, though it is possible to boot with SELinux enforcement in place.
CVE-2021-39698 on Ubuntu 20.04 LTS (focal) - medium.
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-185125206; References: Upstream kernel. It was discovered that a race condition existed in the poll implementation in the Linux kernel, resulting in a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-39698` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-100.113
linux-image-5.4.0-153-generic-lpae - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-generic - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-100.113
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1028.31
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1065.69
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1015.16
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1064.68
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1053.60
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-100.113
linux-image-5.4.0-105-lowlatency - 5.4.0-100.113
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1066.69
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1070.73
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1065.69
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1063.66
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1015.16
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1056.58
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1064.68
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-16
2022-03-16
Linus Torvalds
CVE-2021-39698
CVE-2021-39713 on Ubuntu 20.04 LTS (focal) - high.
Product: Android; Versions: Android kernel; Android ID: A-173788806; References: Upstream kernel. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-39713` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-03-16
2022-03-16
CVE-2021-39713
CVE-2021-39714 on Ubuntu 20.04 LTS (focal) - medium.
In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-205573273; References: Upstream kernel. It was discovered that the Ion Memory Manager subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-39714` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-16
2022-03-16
CVE-2021-39714
sbeattie> fixed by dropping the ion_map_kernel interface, claimed to be unused; however, android commit in references gives a fix
CVE-2021-3999 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Update Instructions:
Run `sudo pro fix CVE-2021-3999` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9.7
libc-bin - 2.31-0ubuntu9.7
libc6 - 2.31-0ubuntu9.7
libc6-amd64 - 2.31-0ubuntu9.7
libc6-armel - 2.31-0ubuntu9.7
libc6-i386 - 2.31-0ubuntu9.7
libc6-lse - 2.31-0ubuntu9.7
libc6-pic - 2.31-0ubuntu9.7
libc6-prof - 2.31-0ubuntu9.7
libc6-s390 - 2.31-0ubuntu9.7
libc6-x32 - 2.31-0ubuntu9.7
locales - 2.31-0ubuntu9.7
locales-all - 2.31-0ubuntu9.7
nscd - 2.31-0ubuntu9.7
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-02-01
2022-02-01
Qualys
2022-02-01
https://sourceware.org/bugzilla/show_bug.cgi?id=28769
CVE-2021-3999
CVE-2021-4001 on Ubuntu 20.04 LTS (focal) - medium.
A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions prior to 5.16 rc2. It was discovered that the eBPF implementation in the Linux kernel contained a race condition around read-only maps. A privileged attacker could use this to modify read-only maps.
Update Instructions:
Run `sudo pro fix CVE-2021-4001` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-11-25
2021-11-25
CVE-2021-4001
CVE-2021-4002 on Ubuntu 20.04 LTS (focal) - high.
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages.
Update Instructions:
Run `sudo pro fix CVE-2021-4002` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-92.103
linux-image-5.4.0-153-generic-lpae - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-generic - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-92.103
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1023.26
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-52-generic-lpae - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1010.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1013.13
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1048.53
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1024.25~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-92.103
linux-image-5.4.0-105-lowlatency - 5.4.0-92.103
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1061.64
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1065.68
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1057.60
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-generic-64k - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1010.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1051.53
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1013.13
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-11-26
2021-11-26
Nadav Amit
CVE-2021-4002
CVE-2021-4028 on Ubuntu 20.04 LTS (focal) - medium.
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
Update Instructions:
Run `sudo pro fix CVE-2021-4028` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-52-generic-lpae - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1024.25~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-generic-64k - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-24
https://bugzilla.redhat.com/show_bug.cgi?id=2027201
https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0
CVE-2021-4028
CVE-2021-4037 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for XFS. Christian Brauner discovered that the XFS file system implementation in the Linux kernel did not properly handle setgid file creation. A local attacker could use this to gain elevated privileges.
Update Instructions:
Run `sudo pro fix CVE-2021-4037` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-92.103
linux-image-5.4.0-153-generic-lpae - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-generic - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-92.103
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1023.26
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1010.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1052.54
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1048.53
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1024.25~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-92.103
linux-image-5.4.0-105-lowlatency - 5.4.0-92.103
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1061.64
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1065.68
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1057.60
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1010.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1052.54
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-24
2022-08-24
Christian Brauner
https://bugzilla.redhat.com/show_bug.cgi?id=2027239
CVE-2021-4037
CVE-2021-40490 on Ubuntu 20.04 LTS (focal) - medium.
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. It was discovered that the ext4 file system in the Linux kernel contained a race condition when writing xattrs to an inode. A local attacker could use this to cause a denial of service or possibly gain administrative privileges.
Update Instructions:
Run `sudo pro fix CVE-2021-40490` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-89.100
linux-image-5.4.0-153-generic-lpae - 5.4.0-89.100
linux-image-unsigned-5.4.0-153-generic - 5.4.0-89.100
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-89.100
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1058.61
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1020.21~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1020.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1056.60
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1025.26
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1006.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1056.60
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-89.100
linux-image-5.4.0-105-lowlatency - 5.4.0-89.100
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1058.61
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1062.65
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1043.46~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1062.65
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1020.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1056.60
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1054.57
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1025.26
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1006.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1048.50
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1056.60
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-09-03
2021-09-03
CVE-2021-40490
CVE-2021-4083 on Ubuntu 20.04 LTS (focal) - medium.
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-4083` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-100.113
linux-image-5.4.0-153-generic-lpae - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-generic - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-100.113
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1014.15~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1014.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1028.31
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1065.69
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-30.33~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-30.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1015.16
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1064.68
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1018.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1053.60
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-100.113
linux-image-5.4.0-105-lowlatency - 5.4.0-100.113
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1066.69
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1014.15~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1070.73
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1014.16~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1065.69
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1063.66
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-30.33~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-30.33~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-30.33~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1015.16
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1056.58
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1064.68
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1018.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-01-18
2022-01-18
Jann Horn
CVE-2021-4083
CVE-2021-4090 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. A missing sanity check may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat. It was discovered that the NFS server implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-4090` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1018.19
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1018.19
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-13
2021-12-13
CVE-2021-4090
sbeattie> reproducer in initial report email
CVE-2021-4093 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario. Felix Wilhelm discovered that the KVM implementation in the Linux kernel did not properly handle exit events from AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES) guest VMs. An attacker in a guest VM could use this to cause a denial of service (host kernel crash) or possibly execute arbitrary code in the host kernel.
Update Instructions:
Run `sudo pro fix CVE-2021-4093` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1008.8
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-13
2021-12-13
Felix Wilhelm
https://bugzilla.redhat.com/show_bug.cgi?id=2028584
CVE-2021-4093
CVE-2021-41073 on Ubuntu 20.04 LTS (focal) - high.
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-41073` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-37.41~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-37.41~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-09-19
2021-09-19
Valentina Palmiotti
CVE-2021-41073
CVE-2021-4135 on Ubuntu 20.04 LTS (focal) - medium.
A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way a user uses BPF for the device such that the function nsim_map_alloc_elem is called. A local user could use this flaw to get unauthorized access to some data. It was discovered that the simulated networking device driver for the Linux kernel did not properly initialize memory in certain situations. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2021-4135` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-24
2021-12-24
CVE-2021-4135
CVE-2021-4149 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with local privileges may cause a denial of service (DoS) due to a deadlock problem. It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle locking in certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock).
Update Instructions:
Run `sudo pro fix CVE-2021-4149` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-92.103
linux-image-5.4.0-153-generic-lpae - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-generic - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-92.103
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1023.26
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-52-generic-lpae - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1010.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1048.53
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1024.25~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-92.103
linux-image-5.4.0-105-lowlatency - 5.4.0-92.103
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1061.64
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1065.68
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1057.60
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-generic-64k - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1010.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-23
2022-03-23
Hao Sun
CVE-2021-4149
CVE-2021-4154 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with user privileges could escalate privileges by exploiting the fsconfig syscall parameter, leading to a container breakout and a denial of service on the system.
Update Instructions:
Run `sudo pro fix CVE-2021-4154` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-88.99
linux-image-5.4.0-153-generic-lpae - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-generic - 5.4.0-88.99
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-88.99
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1053.57
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1053.56
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1005.6
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1047.49
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1055.59
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1044.48
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-88.99
linux-image-5.4.0-105-lowlatency - 5.4.0-88.99
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1057.60
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1059.62
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1053.57
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1053.56
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1024.25
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1005.6
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1047.49
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1055.59
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-02-04
CVE-2021-4154
CVE-2021-4155 on Ubuntu 20.04 LTS (focal) - medium.
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-4155` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-100.113
linux-image-5.4.0-153-generic-lpae - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-generic - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-100.113
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1014.15~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1014.16~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1028.31
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1065.69
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-30.33~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-30.33~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1015.16
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1064.68
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1018.22~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1053.60
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-100.113
linux-image-5.4.0-105-lowlatency - 5.4.0-100.113
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1066.69
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1014.15~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1070.73
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1014.16~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1065.69
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1015.18~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-30.33~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-30.33~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-30.33~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1015.16
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1056.58
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1064.68
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1018.22~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-31
2021-12-31
Kirill Tkhai
https://bugzilla.redhat.com/show_bug.cgi?id=2034813
CVE-2021-4155
CVE-2021-4157 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds memory write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user with access to the NFS mount could potentially use this flaw to crash the system or escalate privileges on the system. It was discovered that the Parallel NFS (pNFS) implementation in the Linux kernel did not properly perform bounds checking in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-4157` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-80.90
linux-image-5.4.0-153-generic-lpae - 5.4.0-80.90
linux-image-unsigned-5.4.0-153-generic - 5.4.0-80.90
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-80.90
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1014.15~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1016.19
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1049.53
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1014.16~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1049.52
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1021.22
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1044.46
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1041.45
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-80.90
linux-image-5.4.0-105-lowlatency - 5.4.0-80.90
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1054.57
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1055.57
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1012.13~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1055.57
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1016.19
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1049.53
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1014.16~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1021.22
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1044.46
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1052.56
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1013.14~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-25
2022-03-25
CVE-2021-4157
CVE-2021-4159 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code into the kernel can use this to leak internal kernel memory details, defeating some of the exploit mitigations in place for the kernel. It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2021-4159` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-24
2022-08-24
https://bugzilla.suse.com/show_bug.cgi?id=1194227
CVE-2021-4159
CVE-2021-41864 on Ubuntu 20.04 LTS (focal) - low.
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-41864` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-92.103
linux-image-5.4.0-153-generic-lpae - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-generic - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-92.103
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1023.26
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-52-generic-lpae - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1010.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1048.53
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1024.25~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-92.103
linux-image-5.4.0-105-lowlatency - 5.4.0-92.103
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1061.64
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1065.68
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1057.60
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-generic-64k - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1010.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1051.53
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-10-02
2021-10-02
CVE-2021-41864
CVE-2021-4197 on Ubuntu 20.04 LTS (focal) - medium.
An unprivileged-write-to-file-handler flaw was found in the Linux kernel's control groups and namespaces subsystem, in the way users have access to some less privileged processes that are controlled by cgroups and have a higher-privileged parent process. It affects both the cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges.
Update Instructions:
Run `sudo pro fix CVE-2021-4197` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-31
2021-12-31
Eric Biederman
CVE-2021-4197
CVE-2021-42008 on Ubuntu 20.04 LTS (focal) - low.
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-42008` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-89.100
linux-image-5.4.0-153-generic-lpae - 5.4.0-89.100
linux-image-unsigned-5.4.0-153-generic - 5.4.0-89.100
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-89.100
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1058.61
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1020.21~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1020.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1056.60
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1025.26
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1006.7
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1048.50
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1056.60
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1045.49
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1021.22~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-89.100
linux-image-5.4.0-105-lowlatency - 5.4.0-89.100
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1058.61
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1062.65
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1062.65
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1020.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1056.60
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1021.23~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1054.57
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1025.26
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-38.42~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-38.42~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1006.7
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1048.50
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1050.52
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1056.60
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-10-05
2021-10-05
CVE-2021-42008
CVE-2021-4202 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-4202` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-100.113
linux-image-5.4.0-153-generic-lpae - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-generic - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-100.113
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1028.31
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1065.69
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1015.16
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1064.68
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1053.60
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-100.113
linux-image-5.4.0-105-lowlatency - 5.4.0-100.113
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1066.69
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1070.73
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1065.69
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1063.66
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1015.16
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1056.58
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1064.68
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-31
2021-12-31
https://bugzilla.redhat.com/show_bug.cgi?id=2036682
CVE-2021-4202
CVE-2021-4203 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c in the Linux kernel, due to a race between SO_PEERCRED and SO_PEERGROUPS and listen() (and connect()). With this flaw, an attacker with user privileges may crash the system or leak internal kernel information. Jann Horn discovered that the socket subsystem in the Linux kernel contained a race condition when handling listen() and connect() operations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-4203` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-91.102
linux-image-5.4.0-153-generic-lpae - 5.4.0-91.102
linux-image-unsigned-5.4.0-153-generic - 5.4.0-91.102
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-91.102
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1060.63
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1022.25
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1058.62
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1056.59
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1027.28
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-52-generic-lpae - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1008.9
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1050.52
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1058.62
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1047.52
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1024.25~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-91.102
linux-image-5.4.0-105-lowlatency - 5.4.0-91.102
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1060.63
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1064.67
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1064.67
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1022.25
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1058.62
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1056.59
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1027.28
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-generic-64k - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1050.52
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1058.62
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-25
2022-03-25
Jann Horn
https://bugzilla.redhat.com/show_bug.cgi?id=2036934
CVE-2021-4203
CVE-2021-4204 on Ubuntu 20.04 LTS (focal) - high.
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to improper input validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-4204` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1025.27~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1011.12~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1025.27~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1012.14~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66+cvm2.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1026.29~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1012.15~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-46.51~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-46.51~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-46.51~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-46.51~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-46.51~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-25.26~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-25.26~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-25.26~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-25.26~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-25.26~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1055.58
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1018.19
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1025.27~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1015.19~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1026.28~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1011.12~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1025.27~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1012.14~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66+cvm2.2
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1026.29~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1012.15~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-46.51~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-46.51~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-46.51~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-25.26~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-25.26~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-25.26~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1055.58
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1018.19
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1025.27~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1015.19~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-01-11
2022-01-11
tr3e wang
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1956585
CVE-2021-4204
CVE-2021-4206 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Update Instructions:
Run `sudo pro fix CVE-2021-4206` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.23
qemu-block-extra - 1:4.2-3ubuntu6.23
qemu-guest-agent - 1:4.2-3ubuntu6.23
qemu-kvm - 1:4.2-3ubuntu6.23
qemu-system - 1:4.2-3ubuntu6.23
qemu-system-arm - 1:4.2-3ubuntu6.23
qemu-system-common - 1:4.2-3ubuntu6.23
qemu-system-data - 1:4.2-3ubuntu6.23
qemu-system-gui - 1:4.2-3ubuntu6.23
qemu-system-mips - 1:4.2-3ubuntu6.23
qemu-system-misc - 1:4.2-3ubuntu6.23
qemu-system-ppc - 1:4.2-3ubuntu6.23
qemu-system-s390x - 1:4.2-3ubuntu6.23
qemu-system-sparc - 1:4.2-3ubuntu6.23
qemu-system-x86 - 1:4.2-3ubuntu6.23
qemu-system-x86-microvm - 1:4.2-3ubuntu6.23
qemu-system-x86-xen - 1:4.2-3ubuntu6.23
qemu-user - 1:4.2-3ubuntu6.23
qemu-user-binfmt - 1:4.2-3ubuntu6.23
qemu-user-static - 1:4.2-3ubuntu6.23
qemu-utils - 1:4.2-3ubuntu6.23
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-29
2022-04-29
mdeslaur
https://bugzilla.redhat.com/show_bug.cgi?id=2036998
CVE-2021-4206
CVE-2021-4207 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Update Instructions:
Run `sudo pro fix CVE-2021-4207` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.23
qemu-block-extra - 1:4.2-3ubuntu6.23
qemu-guest-agent - 1:4.2-3ubuntu6.23
qemu-kvm - 1:4.2-3ubuntu6.23
qemu-system - 1:4.2-3ubuntu6.23
qemu-system-arm - 1:4.2-3ubuntu6.23
qemu-system-common - 1:4.2-3ubuntu6.23
qemu-system-data - 1:4.2-3ubuntu6.23
qemu-system-gui - 1:4.2-3ubuntu6.23
qemu-system-mips - 1:4.2-3ubuntu6.23
qemu-system-misc - 1:4.2-3ubuntu6.23
qemu-system-ppc - 1:4.2-3ubuntu6.23
qemu-system-s390x - 1:4.2-3ubuntu6.23
qemu-system-sparc - 1:4.2-3ubuntu6.23
qemu-system-x86 - 1:4.2-3ubuntu6.23
qemu-system-x86-microvm - 1:4.2-3ubuntu6.23
qemu-system-x86-xen - 1:4.2-3ubuntu6.23
qemu-user - 1:4.2-3ubuntu6.23
qemu-user-binfmt - 1:4.2-3ubuntu6.23
qemu-user-static - 1:4.2-3ubuntu6.23
qemu-utils - 1:4.2-3ubuntu6.23
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-29
2022-04-29
mdeslaur
https://bugzilla.redhat.com/show_bug.cgi?id=2036966
CVE-2021-4207
CVE-2021-42252 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. It was discovered that the Aspeed Low Pin Count (LPC) Bus Controller implementation in the Linux kernel did not properly perform boundary checks in some situations, allowing out-of-bounds write access. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. In Ubuntu, this issue only affected systems running armhf kernels.
Update Instructions:
Run `sudo pro fix CVE-2021-42252` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-90.101
linux-image-5.4.0-153-generic-lpae - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-generic - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-90.101
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-41.45~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-41.45~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-41.45~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-41.45~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-41.45~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-22.22~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-22.22~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-22.22~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-22.22~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-22.22~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1046.50
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-90.101
linux-image-5.4.0-105-lowlatency - 5.4.0-90.101
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-41.45~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-41.45~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-41.45~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-22.22~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-22.22~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-22.22~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-10-11
2021-10-11
CVE-2021-42252
sbeattie> CONFIG_ASPEED_LPC_CTRL is only enabled on armhf platforms in Ubuntu
CVE-2021-42327 on Ubuntu 20.04 LTS (focal) - low.
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display driver's debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer. It was discovered that the AMD Radeon GPU driver in the Linux kernel did not properly validate writes in the debugfs file system. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-42327` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1008.8
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-10-21
2021-10-21
CVE-2021-42327
CVE-2021-42739 on Ubuntu 20.04 LTS (focal) - medium.
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-42739` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-97.110
linux-image-5.4.0-153-generic-lpae - 5.4.0-97.110
linux-image-unsigned-5.4.0-153-generic - 5.4.0-97.110
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-97.110
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1063.67
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1032.33
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1013.14
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1054.56
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1062.66
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1052.58
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-97.110
linux-image-5.4.0-105-lowlatency - 5.4.0-97.110
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1064.67
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1068.71
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1028.31~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1068.71
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1026.29
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1063.67
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1029.33~20.04.3
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1061.64
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1032.33
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1013.14
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1054.56
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1029.36
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1008.8
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1062.66
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-10-20
2021-10-20
CVE-2021-42739
mdeslaur> CVE-2021-3542 was marked as a duplicate of this CVE, see https://bugzilla.suse.com/show_bug.cgi?id=1184673#c17
CVE-2021-43056 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track of whether a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash).
Update Instructions:
Run `sudo pro fix CVE-2021-43056` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-92.103
linux-image-5.4.0-153-generic-lpae - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-generic - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-92.103
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1023.26
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-52-generic-lpae - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1010.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1048.53
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1024.25~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-92.103
linux-image-5.4.0-105-lowlatency - 5.4.0-92.103
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1061.64
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1065.68
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1057.60
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-generic-64k - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1010.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1051.53
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1008.8
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-10-28
2021-10-28
CVE-2021-43056
CVE-2021-43267 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. It was discovered that the TIPC Protocol implementation in the Linux kernel did not properly validate MSG_CRYPTO messages in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-43267` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-52-generic-lpae - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1024.25~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-generic-64k - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1053.55
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1008.8
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-11-02
2021-11-02
CVE-2021-43267
CVE-2021-43389 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-43389` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-92.103
linux-image-5.4.0-153-generic-lpae - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-generic - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-92.103
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1023.26
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-52-generic-lpae - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1010.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1048.53
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1024.25~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-92.103
linux-image-5.4.0-105-lowlatency - 5.4.0-92.103
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1061.64
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1065.68
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1057.60
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-generic-64k - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1010.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1051.53
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1008.8
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-11-04
2021-11-04
butt3rflyh4ck
https://bugzilla.redhat.com/show_bug.cgi?id=2013180
CVE-2021-43389
cascardo> Adding a CAPI controller with CMTP requires CAP_NET_ADMIN in the initial namespace (init_ns). Other ISDN controllers that use CAPI have been removed upstream.
CVE-2021-43975 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can control an emulated device can use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-43975` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-100.113
linux-image-5.4.0-153-generic-lpae - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-generic - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-100.113
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1028.31
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1065.69
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1015.16
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1064.68
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1053.60
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-100.113
linux-image-5.4.0-105-lowlatency - 5.4.0-100.113
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1066.69
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1070.73
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1065.69
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1063.66
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1015.16
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1056.58
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1064.68
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-11-17
2021-11-17
Brendan Dolan-Gavitt
CVE-2021-43975
CVE-2021-43976 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-43976` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1022.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1022.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1024.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-40.45~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-40.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1011.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1024.26
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1022.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1024.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-40.45~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-40.45~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-40.45~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1011.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1024.26
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1027.32~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-11-17
2021-11-17
Brendan Dolan-Gavitt
CVE-2021-43976
CVE-2021-44733 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. It was discovered that the ARM Trusted Execution Environment (TEE) subsystem in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-44733` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-22
2021-12-22
CVE-2021-44733
CVE-2021-45095 on Ubuntu 20.04 LTS (focal) - medium.
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2021-45095` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-16
2021-12-16
CVE-2021-45095
CVE-2021-45469 on Ubuntu 20.04 LTS (focal) - medium.
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. Wenqing Liu discovered that the f2fs file system in the Linux kernel did not properly validate the last xattr entry in an inode. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2021-45469` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-23
2021-12-23
Wenqing Liu
CVE-2021-45469
CVE-2021-45480 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances. It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2021-45480` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-24
2021-12-24
CVE-2021-45480
CVE-2021-45485 on Ubuntu 20.04 LTS (focal) - medium.
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. Amit Klein discovered that the IPv6 implementation in the Linux kernel could disclose internal state in some situations. An attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-45485` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-84.94
linux-image-5.4.0-153-generic-lpae - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-generic - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-84.94
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1056.59
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1052.55
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1004.5
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1054.58
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1043.47
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1020.21~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-84.94
linux-image-5.4.0-105-lowlatency - 5.4.0-84.94
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1056.59
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1058.60
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1017.18~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1058.60
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1052.56
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1020.22~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1052.55
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1004.5
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1046.48
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1049.51
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1014.18
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1054.58
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1019.20~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-25
2021-12-25
Amit Klein
CVE-2021-45485
sbeattie> complementary to CVE-2021-45486
CVE-2021-45486 on Ubuntu 20.04 LTS (focal) - medium.
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. Amit Klein discovered that the IPv4 implementation in the Linux kernel could disclose internal state in some situations. An attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2021-45486` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-77.86
linux-image-5.4.0-153-generic-lpae - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-generic - 5.4.0-77.86
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-77.86
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1013.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1046.49
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1041.42
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1048.52
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1038.41
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-77.86
linux-image-5.4.0-105-lowlatency - 5.4.0-77.86
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1051.53
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1051.53
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1051.53
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1013.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1046.49
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1009.10~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1046.48
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1018.19
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1041.42
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1032.33
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1048.52
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-12-25
2021-12-25
Amit Klein
CVE-2021-45486
CVE-2021-45868 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. It was discovered that the file system quotas implementation in the Linux kernel did not properly validate the quota block number. An attacker could use this to construct a malicious file system image that, when mounted and operated on, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2021-45868` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-97.110
linux-image-5.4.0-153-generic-lpae - 5.4.0-97.110
linux-image-unsigned-5.4.0-153-generic - 5.4.0-97.110
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-97.110
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1064.67
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1063.67
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1032.33
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-28.31~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1013.14
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1054.56
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1013.13
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1062.66
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1052.58
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-97.110
linux-image-5.4.0-105-lowlatency - 5.4.0-97.110
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1064.67
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1012.13~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1068.71
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1013.15~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1068.71
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1026.29
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1063.67
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1013.16~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1061.64
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1032.33
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-28.31~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-28.31~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1013.14
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1054.56
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1013.13
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1062.66
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1016.20~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-18
2022-03-18
https://bugzilla.kernel.org/show_bug.cgi?id=214655
https://bugzilla.redhat.com/show_bug.cgi?id=2065662
CVE-2021-45868
CVE-2022-0001 on Ubuntu 20.04 LTS (focal) - high.
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-0001` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-104.118
linux-image-5.4.0-153-generic-lpae - 5.4.0-104.118
linux-image-unsigned-5.4.0-153-generic - 5.4.0-104.118
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-104.118
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1072.75
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1072.75
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1030.33
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1067.71
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1036.37
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-35.40~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-35.40~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1017.19
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1058.61
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1027.30
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1066.71
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1055.62
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-104.118
linux-image-5.4.0-105-lowlatency - 5.4.0-104.118
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1072.75
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1072.75
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1030.33
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1067.71
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1065.68
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1036.37
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-35.40~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-35.40~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-35.40~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1017.19
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1058.61
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1027.30
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1066.71
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1021.26~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-03-08
2022-03-08
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida
2022-03-08
CVE-2022-0001
sbeattie> unprivileged eBPF was already disabled by default for 5.13 and newer kernels. This issue is priority medium for trusty/3.13 kernels, as unprivileged BPF was not yet available in the Linux kernel of that era.
CVE-2022-0002 on Ubuntu 20.04 LTS (focal) - high.
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-0002` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-104.118
linux-image-5.4.0-153-generic-lpae - 5.4.0-104.118
linux-image-unsigned-5.4.0-153-generic - 5.4.0-104.118
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-104.118
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1072.75
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1072.75
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1030.33
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1067.71
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1036.37
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-35.40~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-35.40~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1017.19
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1058.61
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1027.30
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1066.71
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1055.62
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-104.118
linux-image-5.4.0-105-lowlatency - 5.4.0-104.118
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1072.75
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1072.75
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1030.33
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1067.71
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1065.68
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1036.37
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-35.40~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-35.40~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-35.40~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1017.19
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1058.61
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1027.30
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1066.71
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1021.26~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-03-08
2022-03-08
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida
2022-03-08
CVE-2022-0002
sbeattie> unprivileged eBPF was already disabled by default for 5.13 and newer kernels. This issue is priority medium for trusty/3.13 kernels, as unprivileged BPF was not yet available in the Linux kernel of that era.
CVE-2022-0168 on Ubuntu 20.04 LTS (focal) - medium.
A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl() in some situations. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-0168` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-25
2022-03-25
Billy Jheng Bing Jhong
https://bugzilla.redhat.com/show_bug.cgi?id=2037386
https://bugzilla.suse.com/show_bug.cgi?id=1197472
CVE-2022-0168
sbeattie> reproducers in git commits
CVE-2022-0171 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance on an AMD CPU that supports Secure Encrypted Virtualization (SEV). Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization (SEV). A local attacker could possibly use this to cause a denial of service (host system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-0171` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-26
2022-08-26
Mingwei Zhang
https://bugzilla.redhat.com/show_bug.cgi?id=2038940
CVE-2022-0171
CVE-2022-0185 on Ubuntu 20.04 LTS (focal) - high.
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the length of supplied parameters. An unprivileged local user (if unprivileged user namespaces are enabled; otherwise the namespaced CAP_SYS_ADMIN privilege is needed) able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system. William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-0185` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-96.109
linux-image-5.4.0-153-generic-lpae - 5.4.0-96.109
linux-image-unsigned-5.4.0-153-generic - 5.4.0-96.109
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-96.109
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1027.30~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1011.12~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1067.70
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1027.30~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1012.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1067.70
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1025.28
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1062.66
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1028.32~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1012.15~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1031.32
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-27.29~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-27.29~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-27.29~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-27.29~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-27.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1012.13
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1053.55
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1057.61
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1028.35
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1020.22
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1061.65
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1027.30~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1015.19~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1050.56
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1028.31~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-96.109
linux-image-5.4.0-105-lowlatency - 5.4.0-96.109
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1063.66
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1011.12~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1067.70
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1027.30~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1012.14~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1067.70
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1025.28
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1062.66
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1028.32~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1012.15~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1059.62
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1031.32
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-27.29~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-27.29~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-27.29~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1012.13
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1053.55
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1057.61
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1028.35
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1020.22
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1061.65
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1027.30~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1015.19~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-01-18
2022-01-18
William Liu and Jamie Hill-Daniel
CVE-2022-0185
alexmurray> Requires CAP_SYS_ADMIN however this can be done within a new user namespace - so can be mitigated by disabling unprivileged user namespaces.
CVE-2022-0286 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
Update Instructions:
Run `sudo pro fix CVE-2022-0286` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-01-31
CVE-2022-0286
CVE-2022-0322 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel, reachable with local user privileges. An attempt to use more buffer than is allocated triggers a BUG_ON, leading to a denial of service (DoS).
Update Instructions:
Run `sudo pro fix CVE-2022-0322` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-92.103
linux-image-5.4.0-153-generic-lpae - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-generic - 5.4.0-92.103
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-92.103
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1023.26
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1057.60
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-lpae - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-52-generic-lpae - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-23.23~20.04.2
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1010.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1051.53
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1059.63
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1048.53
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1024.25~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-92.103
linux-image-5.4.0-105-lowlatency - 5.4.0-92.103
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1061.64
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1065.68
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1023.26
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1029-gcp - 5.11.0-1024.26~20.04.1
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1057.60
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1029.30
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-generic-64k - 5.11.0-44.48~20.04.2
linux-image-5.11.0-46-lowlatency - 5.11.0-44.48~20.04.2
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-generic-64k - 5.13.0-23.23~20.04.2
linux-image-5.13.0-37-lowlatency - 5.13.0-23.23~20.04.2
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1010.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1051.53
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1051.53
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1026.32
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1059.63
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1023.24~20.04.1
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-25
Eiichi Tsukata
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1954832
CVE-2022-0322
CVE-2022-0330 on Ubuntu 20.04 LTS (focal) - medium.
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-0330` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-100.113
linux-image-5.4.0-153-generic-lpae - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-generic - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-100.113
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1014.15~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1014.16~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1028.31
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1065.69
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-30.33~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-30.33~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1015.16
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1064.68
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1018.22~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1053.60
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-100.113
linux-image-5.4.0-105-lowlatency - 5.4.0-100.113
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1066.69
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1014.15~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1070.73
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1014.16~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1065.69
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1015.18~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-30.33~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-30.33~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-30.33~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1015.16
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1056.58
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1064.68
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1018.22~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-01-26
2022-01-26
Sushma Venkatesh Reddy
CVE-2022-0330
CVE-2022-0435 on Ubuntu 20.04 LTS (focal) - medium.
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. Samuel Page discovered that the Transparent Inter-Process Communication (TIPC) protocol implementation in the Linux kernel contained a stack-based buffer overflow. A remote attacker could use this to cause a denial of service (system crash) for systems that have a TIPC bearer configured.
Update Instructions:
Run `sudo pro fix CVE-2022-0435` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1024.26
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1024.26
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-02-10
2022-02-10
Samuel Page
CVE-2022-0435
sbeattie> introduced in v4.8 mitigated by CONFIG_FORTIFY_SOURCE, enabled in Ubuntu kernels since v4.18 kernels (Ubuntu 18.10 and newer, as well as HWE kernels for 18.04 LTS), mitigates this into a DoS. for 4.15 kernels as used in 18.04 LTS and HWE for 16.04 ESM, kernels are built with stack-protector, which makes this more difficult to exploit.
CVE-2022-0487 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. With this flaw, a local attacker with user privileges may impact system confidentiality. This flaw affects kernel versions prior to 5.14 rc1. Zhihua Yao discovered that the MOXART SD/MMC driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-0487` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-110.124
linux-image-5.4.0-153-generic-lpae - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-generic - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-110.124
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1021.23
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1027.30
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1071.77
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1060.68
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-110.124
linux-image-5.4.0-105-lowlatency - 5.4.0-110.124
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1078.81
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1021.23
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1027.30
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1071.77
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-02-04
2022-02-04
Zhihua Yao of KunLun Lab
CVE-2022-0487
CVE-2022-0492 on Ubuntu 20.04 LTS (focal) - high.
A vulnerability was found in the cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c in the Linux kernel. Under certain circumstances, this flaw allows the cgroups v1 release_agent feature to be used to escalate privileges and unexpectedly bypass namespace isolation. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges.
Update Instructions:
Run `sudo pro fix CVE-2022-0492` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1024.26
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1024.26
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-02-08
2022-02-08
Yiqi Sun and Kevin Wang
CVE-2022-0492
CVE-2022-0494 on Ubuntu 20.04 LTS (focal) - low.
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-0494` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-124.140
linux-image-5.4.0-153-generic-lpae - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-generic - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-124.140
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1083.90
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1086.94
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1080.86
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1031.35
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1081.89
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1068.78
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-124.140
linux-image-5.4.0-105-lowlatency - 5.4.0-124.140
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1083.90
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1044.49
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1086.94
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1080.86
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1031.35
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1073.78
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1081.89
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-03-25
2022-03-25
CVE-2022-0494
sbeattie> requires privileges in the init namespace to exploit, prioritized as low
CVE-2022-0500 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in unrestricted eBPF usage by BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash the system or escalate their privileges. It was discovered that the eBPF implementation in the Linux kernel did not properly prevent writes to kernel objects in BPF_BTF_LOAD commands. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-0500` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1015.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1013.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1015.19~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1013.18~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-25
2022-03-25
CVE-2022-0500
sbeattie> unprivileged eBPF has been disabled by default in Ubuntu kernels as of 2022-03-08, requires CAP_SYS_ADMIN or CAP_BPF privileges.
CVE-2022-0516 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in the kvm_s390_guest_sida_op function in arch/s390/kvm/kvm-s390.c in KVM for s390 in the Linux kernel. This flaw allows a local attacker with normal user privileges to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. It was discovered that the KVM implementation for s390 systems in the Linux kernel did not properly prevent memory operations on PVM guests that were in non-protected mode. A local attacker could use this to obtain unauthorized memory write access.
Update Instructions:
Run `sudo pro fix CVE-2022-0516` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1027.30
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1027.30
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-10
2022-03-10
CVE-2022-0516
CVE-2022-0617 on Ubuntu 20.04 LTS (focal) - low.
A NULL pointer dereference flaw was found in the Linux kernel's UDF file system functionality, in the way a user triggers the udf_file_write_iter function for a malicious UDF image. A local user could use this flaw to crash the system. The flaw is present from Linux kernel 4.2-rc1 until 5.17-rc2. It was discovered that the UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-0617` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-109.123
linux-image-5.4.0-153-generic-lpae - 5.4.0-109.123
linux-image-unsigned-5.4.0-153-generic - 5.4.0-109.123
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-109.123
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1022.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1077.80
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1022.26~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1077.80
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1035.38
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1024.29~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1039.40
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-40.45~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-40.45~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1020.22
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1011.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1024.26
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1070.76
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1059.67
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-109.123
linux-image-5.4.0-105-lowlatency - 5.4.0-109.123
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1072.77
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1022.24~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1077.80
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1022.26~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1077.80
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1035.38
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1072.77
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1024.29~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1068.71
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1039.40
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-40.45~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-40.45~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-40.45~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1020.22
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1011.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1062.65
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1024.26
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1070.76
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1027.32~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-02-16
2022-02-16
butt3rflyh4ck
CVE-2022-0617
CVE-2022-0778 on Ubuntu 20.04 LTS (focal) - high.
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include:
- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters
Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue.
In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature.
This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0, 3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
Update Instructions:
Run `sudo pro fix CVE-2022-0778` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.12
openssl - 1.1.1f-1ubuntu2.12
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-03-15
2022-03-15
Tavis Ormandy
2022-03-15
CVE-2022-0778
CVE-2022-0812 on Ubuntu 20.04 LTS (focal) - medium.
An information leak flaw was found in NFS over RDMA in net/sunrpc/xprtrdma/rpc_rdma.c in the Linux kernel. This flaw allows an attacker with normal user privileges to leak kernel information. It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of an RPC message payload. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-0812` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1023.23
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-29
2022-08-29
https://bugzilla.redhat.com/show_bug.cgi?id=2058955
https://bugzilla.redhat.com/show_bug.cgi?id=2058361
CVE-2022-0812
sbeattie> this is probably fixed by 912288442cb2f
CVE-2022-0847 on Ubuntu 20.04 LTS (focal) - high.
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in the copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and as such escalate their privileges on the system. Max Kellermann discovered that the Linux kernel incorrectly handled Unix pipes. A local attacker could potentially use this to modify any file that could be opened for reading.
Update Instructions:
Run `sudo pro fix CVE-2022-0847` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-35.40~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-35.40~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1027.30
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1019.23~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-35.40~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-35.40~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-35.40~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1027.30
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1021.26~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-03-07
2022-03-07
Max Kellermann
CVE-2022-0847
mdeslaur> The specific flaw exists in the bionic and focal, but is not currently exploitable due to lack of a flag that was introduced in kernel 5.8. The flaw will be fixed as part of the next round of bionic and focal kernel updates in case some other way of exploiting it is discovered in the future. The hardware enablement kernel for focal, linux-hwe-5.13, was updated to fix this issue in USN-5317-1.
CVE-2022-0850 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace. It was discovered that the ext4 file system implementation in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-0850` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-84.94
linux-image-5.4.0-153-generic-lpae - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-generic - 5.4.0-84.94
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-84.94
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1056.59
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1058.60
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1019.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1052.56
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1052.55
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1004.5
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1046.48
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1054.58
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1043.47
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-84.94
linux-image-5.4.0-105-lowlatency - 5.4.0-84.94
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1056.59
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1058.60
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1058.60
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1019.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1052.56
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1052.55
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1023.24
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1004.5
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1046.48
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1054.58
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-29
2022-08-29
CVE-2022-0850
CVE-2022-0854 on Ubuntu 20.04 LTS (focal) - low.
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. It was discovered that the DMA subsystem in the Linux kernel did not properly ensure bounce buffers were completely overwritten by the DMA device. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-0854` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-03-23
2022-03-23
https://bugzilla.redhat.com/show_bug.cgi?id=2058395
CVE-2022-0854
CVE-2022-0998 on Ubuntu 20.04 LTS (focal) - medium.
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Update Instructions:
Run `sudo pro fix CVE-2022-0998` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-30
Luo Likang
CVE-2022-0998
alexmurray> As per https://www.openwall.com/lists/oss-security/2022/04/02/1 3ed21c1451a14d139e1ceb18f2fa70865ce3195a is also required as well.
CVE-2022-1011 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. Jann Horn discovered that the FUSE file system in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1011` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-18
2022-03-18
Jann Horn
CVE-2022-1011
CVE-2022-1012 on Ubuntu 20.04 LTS (focal) - medium.
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-1012` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-126.142
linux-image-5.4.0-153-generic-lpae - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-generic - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-126.142
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1085.92
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1033.37
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1083.91
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1070.80
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-126.142
linux-image-5.4.0-105-lowlatency - 5.4.0-126.142
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1085.92
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1046.51
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1033.37
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1075.80
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1083.91
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-05-12
2022-05-12
Moshe Kol, Amit Klein and Yossi Gilad
CVE-2022-1012
CVE-2022-1015 on Ubuntu 20.04 LTS (focal) - high.
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1015` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1022.24~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1022.26~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1024.29~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-40.45~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-40.45~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1011.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1022.24~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1022.26~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1024.29~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-40.45~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-40.45~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-40.45~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1011.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1027.32~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-03-28
2022-03-28
David Bouman
CVE-2022-1015
sbeattie> requires CAP_NET_ADMIN, however this can be done within a new user namespace and network namespace - so can be mitigated by disabling unprivileged user namespaces.
CVE-2022-1016 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. David Bouman discovered that the netfilter subsystem in the Linux kernel did not initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-1016` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-110.124
linux-image-5.4.0-153-generic-lpae - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-generic - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-110.124
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1022.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1022.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1024.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-40.45~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-40.45~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1021.23
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1011.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1071.77
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1060.68
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-110.124
linux-image-5.4.0-105-lowlatency - 5.4.0-110.124
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1022.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1078.81
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1024.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1071.76
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-40.45~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-40.45~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-40.45~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1021.23
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1011.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1071.77
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1027.32~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-28
2022-03-28
David Bouman
CVE-2022-1016
CVE-2022-1048 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. Hu Jiahui discovered that multiple race conditions existed in the Advanced Linux Sound Architecture (ALSA) framework, leading to use-after-free vulnerabilities. A local attacker could use these to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1048` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-124.140
linux-image-5.4.0-153-generic-lpae - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-generic - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-124.140
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1083.90
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1086.94
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1080.86
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1031.35
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1081.89
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1068.78
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-124.140
linux-image-5.4.0-105-lowlatency - 5.4.0-124.140
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1083.90
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1044.49
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1086.94
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1080.86
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1031.35
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1073.78
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1081.89
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-25
2022-03-25
Hu Jiahui
https://bugzilla.redhat.com/show_bug.cgi?id=2066706
CVE-2022-1048
CVE-2022-1055 on Ubuntu 20.04 LTS (focal) - high.
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5. It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1055` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-107.121
linux-image-5.4.0-153-generic-lpae - 5.4.0-107.121
linux-image-unsigned-5.4.0-153-generic - 5.4.0-107.121
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-107.121
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1021.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1074.77
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1074.77
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1067.70
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1038.39
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-39.44~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-39.44~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-39.44~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-39.44~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-39.44~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1019.21
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1027.30
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1069.75
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1058.65
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-107.121
linux-image-5.4.0-105-lowlatency - 5.4.0-107.121
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1071.76
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1021.23~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1074.77
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1074.77
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1067.70
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1038.39
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-39.44~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-39.44~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-39.44~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1019.21
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1061.64
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1027.30
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1069.75
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-03-29
2022-03-29
CVE-2022-1055
CVE-2022-1116 on Ubuntu 20.04 LTS (focal) - high.
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1116` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-113.127
linux-image-5.4.0-153-generic-lpae - 5.4.0-113.127
linux-image-unsigned-5.4.0-153-generic - 5.4.0-113.127
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-113.127
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1080.83
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1080.83
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1036.39
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1043.44
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1023.25
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1073.79
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1062.70
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-113.127
linux-image-5.4.0-105-lowlatency - 5.4.0-113.127
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1075.80
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1080.83
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1080.83
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1036.39
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1075.80
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1072.77
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1043.44
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1023.25
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1065.68
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1073.79
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-05-16
2022-05-16
Bing-Jhong Billy Jheng
2022-05-16
https://bugzilla.redhat.com/show_bug.cgi?id=2087936
CVE-2022-1116
sbeattie> affects 5.4 kernels only
CVE-2022-1158 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest VM could possibly use this to crash the host OS.
Update Instructions:
Run `sudo pro fix CVE-2022-1158` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1030.36~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-48.54~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-48.54~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1014.15
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1028.31~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1030.36~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-48.54~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-48.54~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-48.54~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1014.15
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-07
2022-04-07
Qiuhao Li, Gaoning Pan and Yongkang Jia
2022-04-07
CVE-2022-1158
CVE-2022-1184 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-1184` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-154.171
linux-image-5.4.0-153-generic-lpae - 5.4.0-154.171
linux-image-unsigned-5.4.0-153-generic - 5.4.0-154.171
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-154.171
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1029.35~20.04.1
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1029.33~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-154.171
linux-image-5.4.0-105-lowlatency - 5.4.0-154.171
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-60.66~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1029.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-29
https://bugzilla.redhat.com/show_bug.cgi?id=2070205
https://bugzilla.suse.com/show_bug.cgi?id=1198577
CVE-2022-1184
sbeattie> not clear if the first two commits are related to this CVE or are some other issue. last three commits are per suse bug; 61a1d87a324a ("ext4: fix check for block being out of directory size") is a fix for 65f8ea4cd57d ("ext4: check if directory block is within i_size")
CVE-2022-1195 on Ubuntu 20.04 LTS (focal) - low.
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with user privileges to cause a denial of service (DoS) when the mkiss or sixpack device is detached and its resources are reclaimed early. It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-1195` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-122.138
linux-image-5.4.0-153-generic-lpae - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-generic - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-122.138
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1081.88
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1029.33
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1079.87
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1066.76
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-122.138
linux-image-5.4.0-105-lowlatency - 5.4.0-122.138
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1081.88
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1042.47
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1029.33
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1079.87
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-04-29
2022-04-29
CVE-2022-1195
CVE-2022-1198 on Ubuntu 20.04 LTS (focal) - low.
A use-after-free vulnerability was discovered in drivers/net/hamradio/6pack.c of the Linux kernel that allows an attacker to crash the kernel by simulating an ax25 device using the 6pack driver from user space. Duoming Zhou discovered that the 6pack protocol implementation in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-1198` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-04-02
2022-04-02
Duoming Zhou
CVE-2022-1198
CVE-2022-1199 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1199` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-122.138
linux-image-5.4.0-153-generic-lpae - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-generic - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-122.138
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1081.88
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1029.33
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1079.87
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1066.76
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-122.138
linux-image-5.4.0-105-lowlatency - 5.4.0-122.138
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1081.88
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1042.47
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1029.33
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1079.87
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-02
2022-04-02
Duoming Zhou
CVE-2022-1199
CVE-2022-1204 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-1204` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-122.138
linux-image-5.4.0-153-generic-lpae - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-generic - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-122.138
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1081.88
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1029.33
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1079.87
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1066.76
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-122.138
linux-image-5.4.0-105-lowlatency - 5.4.0-122.138
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1081.88
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1042.47
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1029.33
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1079.87
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-02
2022-04-02
Duoming Zhou
CVE-2022-1204
CVE-2022-1205 on Ubuntu 20.04 LTS (focal) - medium.
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-1205` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-122.138
linux-image-5.4.0-153-generic-lpae - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-generic - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-122.138
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1081.88
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1029.33
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1079.87
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1066.76
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-122.138
linux-image-5.4.0-105-lowlatency - 5.4.0-122.138
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1081.88
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1042.47
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1029.33
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1079.87
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-02
2022-04-02
Duoming Zhou
CVE-2022-1205
CVE-2022-1263 on Ubuntu 20.04 LTS (focal) - medium.
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not handle releasing a virtual CPU properly. A local attacker in a guest VM could possibly use this to cause a denial of service (host system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-1263` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-08
2022-04-08
Qiuhao Li, Gaoning Pan, and Yongkang Jia
CVE-2022-1263
sbeattie> PoC in oss-security post
CVE-2022-1280 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local attacker with user privileges to cause a denial of service (DoS) or a kernel information leak.
Update Instructions:
Run `sudo pro fix CVE-2022-1280` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-14
2022-04-14
CVE-2022-1280
CVE-2022-1353 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-1353` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-29
2022-04-29
CVE-2022-1353
CVE-2022-1419 on Ubuntu 20.04 LTS (focal) - medium.
The root cause of this vulnerability is that ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can concurrently decrease the refcount of the drm_vgem_gem_object (created in vgem_gem_dumb_create), and vgem_gem_dumb_create will access the freed drm_vgem_gem_object. It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak.
Update Instructions:
Run `sudo pro fix CVE-2022-1419` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-05-02
2022-05-02
CVE-2022-1419
CVE-2022-1462 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. It was discovered that the tty subsystem in the Linux kernel contained a race condition in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-1462` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-unsigned-5.15.0-1023-gkeop - 5.15.0-1005.7~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1005.7
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1005.7
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-1023-gkeop - 5.15.0-1005.7~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1005.7
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-50.56~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1020.24
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-02
2022-06-02
https://bugzilla.redhat.com/show_bug.cgi?id=2078466
https://bugzilla.suse.com/show_bug.cgi?id=1198829
CVE-2022-1462
sbeattie> prerequisite fix would be 716b10580283 ("tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()")
CVE-2022-1516 on Ubuntu 20.04 LTS (focal) - medium.
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-1516` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-05-05
2022-05-05
CVE-2022-1516
CVE-2022-1651 on Ubuntu 20.04 LTS (focal) - medium.
A memory leak flaw was found in the Linux kernel in the acrn_dev_ioctl function in drivers/virt/acrn/hsm.c in how the ACRN Device Model emulates virtual NICs in a VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service. It was discovered that the ACRN Hypervisor Service Module implementation in the Linux kernel did not properly deallocate memory in some situations. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2022-1651` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-05-12
2022-05-12
CVE-2022-1651
sbeattie> likely not an information leak, just failing to deallocate kernel memory
CVE-2022-1652 on Ubuntu 20.04 LTS (focal) - medium.
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1652` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-124.140
linux-image-5.4.0-153-generic-lpae - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-generic - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-124.140
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1083.90
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1086.94
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1080.86
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-43.46~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-43.46~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-43.46~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1031.35
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-43.46~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1081.89
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1068.78
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-124.140
linux-image-5.4.0-105-lowlatency - 5.4.0-124.140
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1083.90
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1044.49
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1086.94
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1080.86
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-43.46~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1031.35
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1073.78
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-43.46~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1081.89
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-02
2022-06-02
Minh Yuan
https://bugzilla.suse.com/show_bug.cgi?id=1199063
CVE-2022-1652
CVE-2022-1671 on Ubuntu 20.04 LTS (focal) - medium.
A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information. It was discovered that the RxRPC session socket implementation in the Linux kernel did not properly handle ioctls called when no security protocol is given. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-1671` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-05-18
2022-05-18
https://bugzilla.redhat.com/show_bug.cgi?id=2083992
CVE-2022-1671
CVE-2022-1678 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel from 4.18 to 4.19: an improper update of the sock reference in TCP pacing can lead to a memory/netns leak, which can be used by remote clients.
Update Instructions:
Run `sudo pro fix CVE-2022-1678` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-05-25
CVE-2022-1678
CVE-2022-1679 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1679` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-124.140
linux-image-5.4.0-153-generic-lpae - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-generic - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-124.140
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1083.90
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1086.94
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1080.86
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-43.46~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-43.46~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-43.46~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1031.35
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1004.6
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1004.6
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-43.46~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1045.51
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1081.89
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1068.78
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1017.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-124.140
linux-image-5.4.0-105-lowlatency - 5.4.0-124.140
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1083.90
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1044.49
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1086.94
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1080.86
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-43.46~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1031.35
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1004.6
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1073.78
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-43.46~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1045.51
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1081.89
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1020.24
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-05-16
2022-05-16
https://bugzilla.redhat.com/show_bug.cgi?id=2084125
CVE-2022-1679
CVE-2022-1729 on Ubuntu 20.04 LTS (focal) - low.
A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives such as kernel address information leak, arbitrary execution, etc. Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1729` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-126.142
linux-image-5.4.0-153-generic-lpae - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-generic - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-126.142
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1085.92
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1033.37
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1083.91
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1070.80
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-126.142
linux-image-5.4.0-105-lowlatency - 5.4.0-126.142
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1085.92
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1046.51
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1033.37
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1075.80
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1083.91
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-05-20
2022-05-20
Norbert Slusarek
CVE-2022-1729
alexmurray> Ubuntu kernels enable SECURITY_PERF_EVENTS_RESTRICT which sets kernel.perf_event_paranoid >= 3 and so disables unprivileged users from using perf by default. As such in their default configuration, Ubuntu kernels are not able to be exploited by this flaw to achieve local privilege escalation.
CVE-2022-1734 on Ubuntu 20.04 LTS (focal) - medium.
A flaw in the Linux kernel in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to a use-after-free, on both read and write, when the cleanup routine and the firmware download routine are not synchronized. It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1734` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-124.140
linux-image-5.4.0-153-generic-lpae - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-generic - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-124.140
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1083.90
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1015.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1086.94
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1013.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1080.86
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1031.35
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1081.89
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1013.17~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1068.78
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-124.140
linux-image-5.4.0-105-lowlatency - 5.4.0-124.140
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1083.90
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1015.19~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1044.49
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1086.94
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1013.18~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1080.86
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1031.35
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1073.78
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1081.89
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1013.17~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-05-18
2022-05-18
CVE-2022-1734
CVE-2022-1786 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. Kyle Zeng discovered that a use-after-free vulnerability existed in the io_uring subsystem in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1786` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1007.7
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1007.7
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-02
Kyle Zeng
CVE-2022-1786
CVE-2022-1789 on Ubuntu 20.04 LTS (focal) - medium.
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS.
Update Instructions:
Run `sudo pro fix CVE-2022-1789` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-122.138
linux-image-5.4.0-153-generic-lpae - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-generic - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-122.138
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1081.88
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1015.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1013.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1029.33
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1079.87
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1013.17~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1066.76
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-122.138
linux-image-5.4.0-105-lowlatency - 5.4.0-122.138
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1081.88
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1015.19~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1042.47
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1013.18~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1029.33
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1079.87
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1013.17~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-02
2022-06-02
Yongkang Jia
CVE-2022-1789
CVE-2022-1852 on Ubuntu 20.04 LTS (focal) - medium.
A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in a guest on an Intel CPU. Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle an illegal instruction in a guest, resulting in a null pointer dereference. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS.
Update Instructions:
Run `sudo pro fix CVE-2022-1852` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1017.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-30
2022-06-30
Qiuhao Li, Gaoning Pan, and Yongkang Jia
CVE-2022-1852
CVE-2022-1882 on Ubuntu 20.04 LTS (focal) - high.
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1882` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-50.56~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1019.24~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-05-26
2022-05-26
Selim Enes Karaduman
https://bugzilla.redhat.com/show_bug.cgi?id=2089701
https://bugzilla.suse.com/show_bug.cgi?id=1199904
CVE-2022-1882
sbeattie> possibly introduced in db8facfc9fafacefe8a835 (v5.17-rc8)
CVE-2022-1943 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds memory write flaw was found in the Linux kernel's UDF file system functionality, in the way a user triggers a file operation that triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially It was discovered that the UDF file system implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1943` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-02
2022-06-02
butt3rflyh4ck
CVE-2022-1943
CVE-2022-1973 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem. Gerald Lee discovered that the NTFS file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-1973` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1017.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-08
2022-06-08
Gerald Lee
CVE-2022-1973
CVE-2022-1974 on Ubuntu 20.04 LTS (focal) - low.
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. Duoming Zhou discovered a race condition in the NFC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-1974` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-126.142
linux-image-5.4.0-153-generic-lpae - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-generic - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-126.142
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1085.92
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1033.37
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1083.91
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1070.80
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-126.142
linux-image-5.4.0-105-lowlatency - 5.4.0-126.142
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1085.92
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1046.51
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1033.37
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1075.80
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1083.91
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1017.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-06-06
2022-06-06
Duoming Zhou
CVE-2022-1974
sbeattie> requires CAP_NET_ADMIN in the init namespace.
CVE-2022-1975 on Ubuntu 20.04 LTS (focal) - low.
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating an NFC device from user space. Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not properly prevent context switches from occurring during certain atomic context operations. A privileged local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-1975` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-124.140
linux-image-5.4.0-153-generic-lpae - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-generic - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-124.140
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1083.90
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1015.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1086.94
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1013.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1080.86
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1031.35
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1081.89
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1013.17~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1068.78
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-124.140
linux-image-5.4.0-105-lowlatency - 5.4.0-124.140
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1083.90
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1015.19~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1044.49
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1086.94
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1013.18~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1080.86
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1031.35
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1073.78
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1081.89
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1013.17~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-06-06
2022-06-06
Duoming Zhou
CVE-2022-1975
sbeattie> requires CAP_NET_ADMIN in the init namespace.
CVE-2022-1998 on Ubuntu 20.04 LTS (focal) - medium.
A use after free in the Linux kernel File System notify functionality was found in the way a user triggers the copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
Update Instructions:
Run `sudo pro fix CVE-2022-1998` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1014.15
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1027.30
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1014.15
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1027.30
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1028.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-09
CVE-2022-1998
CVE-2022-20008 on Ubuntu 20.04 LTS (focal) - medium.
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-216481035. References: Upstream kernel. It was discovered that the MMC/SD subsystem in the Linux kernel did not properly handle read errors from SD cards in certain situations. An attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-20008` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-110.124
linux-image-5.4.0-153-generic-lpae - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-generic - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-110.124
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1021.23
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1027.30
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1071.77
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1060.68
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-110.124
linux-image-5.4.0-105-lowlatency - 5.4.0-110.124
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1078.81
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1071.76
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1021.23
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1027.30
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1071.77
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1028.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-05-10
2022-05-10
CVE-2022-20008
CVE-2022-20132 on Ubuntu 20.04 LTS (focal) - low.
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-188677105. References: Upstream kernel. It was discovered that the HID subsystem in the Linux kernel did not properly validate inputs in certain conditions. A local attacker with physical access could plug in a specially crafted USB device to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-20132` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-100.113
linux-image-5.4.0-153-generic-lpae - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-generic - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-100.113
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1028.31
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1065.69
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1015.16
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1064.68
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1053.60
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-100.113
linux-image-5.4.0-105-lowlatency - 5.4.0-100.113
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1066.69
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1070.73
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1015.16
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1056.58
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-06-15
2022-06-15
CVE-2022-20132
sbeattie> requires malicious USB devices to be inserted. According to Google, the following commits may also be needed, that clean up missing Kconfig dependencies on USB_HID that may cause build failures when incorporating the identified fixing commits: 30cb3c2ad24b66fb7639a6d1f4390c74d6e68f94 d080811f27936f712f619f847389f403ac873b8f f237d9028f844a86955fc9da59d7ac4a5c55d7d5
CVE-2022-20141 on Ubuntu 20.04 LTS (focal) - medium.
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-112551163. References: Upstream kernel. Liu Jian discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-20141` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-90.101
linux-image-5.4.0-153-generic-lpae - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-generic - 5.4.0-90.101
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-90.101
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1021.24
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1055.58
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1007.8
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1049.51
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1046.50
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-90.101
linux-image-5.4.0-105-lowlatency - 5.4.0-90.101
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1055.58
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1026.27
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1007.8
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1049.51
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-15
2022-06-15
Liu Jian
CVE-2022-20141
CVE-2022-20154 on Ubuntu 20.04 LTS (focal) - medium.
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-174846563. References: Upstream kernel.
Update Instructions:
Run `sudo pro fix CVE-2022-20154` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-105.119
linux-image-5.4.0-153-generic-lpae - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-generic - 5.4.0-105.119
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-105.119
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1018.20
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1059.62
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1067.72
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1056.63
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-105.119
linux-image-5.4.0-105-lowlatency - 5.4.0-105.119
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1073.76
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1066.69
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1018.20
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1059.62
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1067.72
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-15
CVE-2022-20154
CVE-2022-20368 on Ubuntu 20.04 LTS (focal) - medium.
Product: Android. Versions: Android kernel. Android ID: A-224546354. References: Upstream kernel. It was discovered that the Packet network protocol implementation in the Linux kernel contained an out-of-bounds access. A remote attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-20368` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-11
2022-08-11
https://bugzilla.suse.com/show_bug.cgi?id=1202346
CVE-2022-20368
sbeattie> Originally, there was confusion that the same commit appeared to fix CVE-2022-20158 as well as this CVE, but the information in the other CVE has been corrected. According to SUSE, the commit b2cf86e1563e ("packet: in recvmsg msg_name return at least sizeof sockaddr_ll") may also be needed for older kernels.
CVE-2022-20369 on Ubuntu 20.04 LTS (focal) - medium.
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-223375145. References: Upstream kernel. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-20369` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-11
2022-08-11
CVE-2022-20369
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-20421 on Ubuntu 20.04 LTS (focal) - medium.
In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239630375. References: Upstream kernel. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-20421` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-136.153
linux-image-5.4.0-153-generic-lpae - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-generic - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-136.153
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1093.101
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1097.106
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1091.98
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1041.46
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1091.100
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1078.89
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-136.153
linux-image-5.4.0-105-lowlatency - 5.4.0-136.153
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1093.101
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1097.106
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1091.98
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1041.46
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1091.100
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-11
2022-10-11
CVE-2022-20421
CVE-2022-20422 on Ubuntu 20.04 LTS (focal) - medium.
In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-237540956. References: Upstream kernel. It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-20422` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-11
2022-10-11
CVE-2022-20422
CVE-2022-20423 on Ubuntu 20.04 LTS (focal) - medium.
In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239842288. References: Upstream kernel.
Update Instructions:
Run `sudo pro fix CVE-2022-20423` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-11
CVE-2022-20423
CVE-2022-20566 on Ubuntu 20.04 LTS (focal) - medium.
In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-165329981. References: Upstream kernel. Lee Jones discovered that a use-after-free vulnerability existed in the Bluetooth implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-20566` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1058.66
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-50.56~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1058.66
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1019.24~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-16
2022-12-16
Lee Jones
CVE-2022-20566
CVE-2022-20572 on Ubuntu 20.04 LTS (focal) - medium.
In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-234475629. References: Upstream kernel. It was discovered that the device-mapper verity (dm-verity) driver in the Linux kernel did not properly verify targets being loaded into the device-mapper table. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-20572` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-126.142
linux-image-5.4.0-153-generic-lpae - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-generic - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-126.142
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1085.92
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1033.37
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1083.91
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1070.80
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-126.142
linux-image-5.4.0-105-lowlatency - 5.4.0-126.142
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1085.92
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1046.51
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1033.37
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1075.80
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1083.91
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1017.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-16
2022-12-16
CVE-2022-20572
rodrigo-zaiden> possible duplicate of CVE-2022-2503.
CVE-2022-2078 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly to run code. It was discovered that the netfilter subsystem in the Linux kernel contained a buffer overflow in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-2078` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1012.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1013.17~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1012.17~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1042.47
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1013.17~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-30
2022-06-30
CVE-2022-2078
sbeattie> CVE-2022-1972 is a duplicate of this issue; fixes ZDI-CAN-17464
CVE-2022-21123 on Ubuntu 20.04 LTS (focal) - medium.
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-21123` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
intel-microcode - 3.20220510.0ubuntu0.20.04.1
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-120.136
linux-image-5.4.0-153-generic-lpae - 5.4.0-120.136
linux-image-unsigned-5.4.0-153-generic - 5.4.0-120.136
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-120.136
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1080.87
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1085.90
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1031.37~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1085.90
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1080.87
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1012.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1076.82
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1048.51
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-51.58~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-51.58~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-51.58~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-51.58~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-51.58~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1028.32
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1017.19
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1010.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1070.75
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1078.86
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-120.136
linux-image-5.4.0-105-lowlatency - 5.4.0-120.136
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1080.87
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1031.35~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1085.90
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1031.37~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1085.90
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1080.87
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1033.40~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1012.17~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1076.82
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1048.51
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-51.58~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-51.58~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-51.58~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1028.32
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1017.19
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1010.14~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1070.75
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1078.86
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1036.43~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-15
2022-06-15
CVE-2022-21123
CVE-2022-21125 on Ubuntu 20.04 LTS (focal) - medium.
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-21125` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
intel-microcode - 3.20220510.0ubuntu0.20.04.1
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-120.136
linux-image-5.4.0-153-generic-lpae - 5.4.0-120.136
linux-image-unsigned-5.4.0-153-generic - 5.4.0-120.136
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-120.136
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1080.87
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1085.90
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1031.37~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1085.90
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1080.87
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1012.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1076.82
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1048.51
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-51.58~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-51.58~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-51.58~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-51.58~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-51.58~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1028.32
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1017.19
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1010.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1070.75
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1078.86
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-120.136
linux-image-5.4.0-105-lowlatency - 5.4.0-120.136
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1080.87
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1031.35~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1085.90
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1031.37~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1085.90
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1080.87
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1033.40~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1012.17~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1076.82
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1048.51
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-51.58~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-51.58~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-51.58~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1028.32
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1017.19
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1010.14~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1070.75
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1078.86
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1036.43~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-15
2022-06-15
CVE-2022-21125
CVE-2022-21166 on Ubuntu 20.04 LTS (focal) - medium.
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-21166` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
intel-microcode - 3.20220510.0ubuntu0.20.04.1
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-120.136
linux-image-5.4.0-153-generic-lpae - 5.4.0-120.136
linux-image-unsigned-5.4.0-153-generic - 5.4.0-120.136
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-120.136
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1080.87
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1085.90
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1031.37~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1085.90
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1080.87
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1012.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1076.82
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1048.51
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-51.58~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-51.58~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-51.58~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-51.58~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-51.58~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1028.32
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1017.19
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1010.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1070.75
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1078.86
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-120.136
linux-image-5.4.0-105-lowlatency - 5.4.0-120.136
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1080.87
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1031.35~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1085.90
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1031.37~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1085.90
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1080.87
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1033.40~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1012.17~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1076.82
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1048.51
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-51.58~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-51.58~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-51.58~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1028.32
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1017.19
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1010.14~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1070.75
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1078.86
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1036.43~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-15
2022-06-15
CVE-2022-21166
CVE-2022-21385 on Ubuntu 20.04 LTS (focal) - low.
A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Update Instructions:
Run `sudo pro fix CVE-2022-21385` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-08-29
CVE-2022-21385
cascardo> rds module automatically loading is blocked by default
CVE-2022-21499 on Ubuntu 20.04 LTS (focal) - high.
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions.
Update Instructions:
Run `sudo pro fix CVE-2022-21499` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1030.36~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-48.54~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-48.54~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1014.15
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1028.31~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1030.36~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-48.54~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-48.54~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-48.54~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1014.15
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1042.47
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-05-24
2022-05-24
2022-05-24
CVE-2022-21499
CVE-2022-21505 on Ubuntu 20.04 LTS (focal) - medium.
Kernel lockdown bypass when UEFI secure boot is disabled / unavailable and IMA appraisal is enabled. It was discovered that the Integrity Measurement Architecture (IMA) implementation in the Linux kernel did not properly enforce policy in certain conditions. A privileged attacker could use this to bypass Kernel lockdown restrictions.
Update Instructions:
Run `sudo pro fix CVE-2022-21505` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-50.56~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1019.24~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-19
2022-07-19
2022-07-19
https://bugzilla.redhat.com/show_bug.cgi?id=2106830
CVE-2022-21505
alexmurray> This only allows bypassing kernel lockdown when secure boot is *disabled* - affects upstream kernels since 5.4
CVE-2022-2153 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. It was discovered that the KVM implementation in the Linux kernel did not properly handle virtual CPUs without APICs in certain situations. A local attacker could possibly use this to cause a denial of service (host system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-2153` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-31
2022-08-31
CVE-2022-2153
sbeattie> PoC is attached to oss-security email.
CVE-2022-2196 on Ubuntu 20.04 LTS (focal) - medium.
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
Update Instructions:
Run `sudo pro fix CVE-2022-2196` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-146.163
linux-image-5.4.0-153-generic-lpae - 5.4.0-146.163
linux-image-unsigned-5.4.0-153-generic - 5.4.0-146.163
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-146.163
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1099.107
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1105.111
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1105.111
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1060.66
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1102.111
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1096.103
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1066.70
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1088.94
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1059.67
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1098.107
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1082.93
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-146.163
linux-image-5.4.0-105-lowlatency - 5.4.0-146.163
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1099.107
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1105.111
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1105.111
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1060.66
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1102.111
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1096.103
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1066.70
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1046.51
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1088.94
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1059.67
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1098.107
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1023.27
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-09
2023-01-09
CVE-2022-2196
CVE-2022-22942 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in the vmwgfx driver that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. Exploiting this vulnerability requires an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an ioctl() on the resulting file descriptor. Systems without the vmwgfx driver loaded are not affected. It was discovered that the VMware Virtual GPU driver in the Linux kernel did not properly handle certain failure conditions, leading to a stale entry in the file descriptor table. A local attacker could use this to expose sensitive information or possibly gain administrative privileges.
Update Instructions:
Run `sudo pro fix CVE-2022-22942` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-100.113
linux-image-5.4.0-153-generic-lpae - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-generic - 5.4.0-100.113
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-100.113
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1066.69
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1014.15~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1014.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1028.31
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1065.69
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-30.33~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-30.33~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-30.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1015.16
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1056.58
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1064.68
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1018.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1053.60
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-100.113
linux-image-5.4.0-105-lowlatency - 5.4.0-100.113
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1066.69
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1014.15~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1070.73
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1014.16~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1070.73
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1065.69
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1063.66
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1034.35
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-30.33~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-30.33~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-30.33~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1015.16
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1056.58
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1064.68
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1018.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-01-28
2022-01-28
CVE-2022-22942
CVE-2022-23036 on Ubuntu 20.04 LTS (focal) - medium.
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040). blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042). Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends.
An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest.
Update Instructions:
Run `sudo pro fix CVE-2022-23036` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-10
2022-03-10
Demi Marie Obenour and Simon Gaiser
CVE-2022-23036
CVE-2022-23037 on Ubuntu 20.04 LTS (focal) - medium.
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040). blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042). Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends.
An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest.
Update Instructions:
Run `sudo pro fix CVE-2022-23037` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-10
2022-03-10
Demi Marie Obenour and Simon Gaiser
CVE-2022-23037
CVE-2022-23038 on Ubuntu 20.04 LTS (focal) - medium.
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040). blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042). Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends.
An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest.
Update Instructions:
Run `sudo pro fix CVE-2022-23038` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-10
2022-03-10
Demi Marie Obenour and Simon Gaiser
CVE-2022-23038
CVE-2022-23039 on Ubuntu 20.04 LTS (focal) - medium.
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends.
An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest.
Update Instructions:
Run `sudo pro fix CVE-2022-23039` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-10
2022-03-10
Demi Marie Obenour and Simon Gaiser
CVE-2022-23039
CVE-2022-23040 on Ubuntu 20.04 LTS (focal) - medium.
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends.
An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest.
Update Instructions:
Run `sudo pro fix CVE-2022-23040` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-10
2022-03-10
Demi Marie Obenour and Simon Gaiser
CVE-2022-23040
CVE-2022-23041 on Ubuntu 20.04 LTS (focal) - medium.
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends.
An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest.
Update Instructions:
Run `sudo pro fix CVE-2022-23041` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-10
2022-03-10
Simon Gaiser
CVE-2022-23041
CVE-2022-23042 on Ubuntu 20.04 LTS (focal) - medium.
Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends.
An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest.
Update Instructions:
Run `sudo pro fix CVE-2022-23042` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-10
2022-03-10
Demi Marie Obenour and Simon Gaiser
CVE-2022-23042
CVE-2022-2318 on Ubuntu 20.04 LTS (focal) - medium.
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-2318` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1018.23~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-06
2022-07-06
Duoming Zhou
CVE-2022-2318
CVE-2022-23218 on Ubuntu 20.04 LTS (focal) - low.
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Update Instructions:
Run `sudo pro fix CVE-2022-23218` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9.7
libc-bin - 2.31-0ubuntu9.7
libc6 - 2.31-0ubuntu9.7
libc6-amd64 - 2.31-0ubuntu9.7
libc6-armel - 2.31-0ubuntu9.7
libc6-i386 - 2.31-0ubuntu9.7
libc6-lse - 2.31-0ubuntu9.7
libc6-pic - 2.31-0ubuntu9.7
libc6-prof - 2.31-0ubuntu9.7
libc6-s390 - 2.31-0ubuntu9.7
libc6-x32 - 2.31-0ubuntu9.7
locales - 2.31-0ubuntu9.7
locales-all - 2.31-0ubuntu9.7
nscd - 2.31-0ubuntu9.7
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-01-14
2022-01-14
https://sourceware.org/bugzilla/show_bug.cgi?id=28768
CVE-2022-23218
mdeslaur> Ubuntu has stack protector enabled since 2006, so this issue is only a denial of service.
CVE-2022-23219 on Ubuntu 20.04 LTS (focal) - low.
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Update Instructions:
Run `sudo pro fix CVE-2022-23219` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9.7
libc-bin - 2.31-0ubuntu9.7
libc6 - 2.31-0ubuntu9.7
libc6-amd64 - 2.31-0ubuntu9.7
libc6-armel - 2.31-0ubuntu9.7
libc6-i386 - 2.31-0ubuntu9.7
libc6-lse - 2.31-0ubuntu9.7
libc6-pic - 2.31-0ubuntu9.7
libc6-prof - 2.31-0ubuntu9.7
libc6-s390 - 2.31-0ubuntu9.7
libc6-x32 - 2.31-0ubuntu9.7
locales - 2.31-0ubuntu9.7
locales-all - 2.31-0ubuntu9.7
nscd - 2.31-0ubuntu9.7
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-01-14
2022-01-14
https://sourceware.org/bugzilla/show_bug.cgi?id=22542
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1961117
CVE-2022-23219
mdeslaur> Ubuntu has stack protector enabled since 2006, so this issue is only a denial of service.
CVE-2022-23222 on Ubuntu 20.04 LTS (focal) - high.
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-23222` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-37.42~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1019.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-37.42~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-37.42~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-01-14
2022-01-14
tr3e wang
CVE-2022-23222
sbeattie> Ubuntu 21.10 / 5.13+ kernels disable unprivileged BPF by default. Kernels 5.8 and older are not affected; priority high is for 5.10 and 5.11 based kernels only.
CVE-2022-2327 on Ubuntu 20.04 LTS (focal) - medium.
io_uring uses work_flags to determine which identity it needs to grab from the calling process, to make sure it is consistent with the calling process when executing an IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts, which can in turn lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859.
Update Instructions:
Run `sudo pro fix CVE-2022-2327` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-22
CVE-2022-2327
rodrigo-zaiden> duplicate or much related to CVE-2022-2209
sbeattie> initial investigation indicates that this likely only affects 5.10 and earlier, but not as far back as 5.4. But everything about this issue is unclear.
CVE-2022-2380 on Ubuntu 20.04 LTS (focal) - low.
The Linux kernel was found vulnerable to an out-of-bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel. Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the Linux kernel did not properly handle very small reads. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-2380` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-07-12
2022-07-12
Zheyu Ma
CVE-2022-2380
CVE-2022-23825 on Ubuntu 20.04 LTS (focal) - medium.
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-12
AMD internally
2022-07-12
CVE-2022-23825
sbeattie> related to Retbleed, likely addressed in that patch series.
cascardo> general BTC, addressed with IBPB and BTC_NO
CVE-2022-23960 on Ubuntu 20.04 LTS (focal) - high.
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-23960` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-35.40~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-35.40~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-35.40~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-35.40~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-35.40~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1021.26~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-03-08
2022-03-08
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida
CVE-2022-23960
sbeattie> unprivileged eBPF was already disabled by default for 5.13 and newer kernels. ARM specific issue.
CVE-2022-24448 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. Lyu Tao discovered that the NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-24448` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-109.123
linux-image-5.4.0-153-generic-lpae - 5.4.0-109.123
linux-image-unsigned-5.4.0-153-generic - 5.4.0-109.123
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-109.123
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1022.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1077.80
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1022.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1077.80
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1035.38
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1024.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1039.40
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-40.45~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-40.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1020.22
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1011.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1024.26
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1070.76
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1059.67
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-109.123
linux-image-5.4.0-105-lowlatency - 5.4.0-109.123
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1072.77
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1022.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1077.80
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1077.80
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1035.38
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1072.77
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1024.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1068.71
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1039.40
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-40.45~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-40.45~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-40.45~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1020.22
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1011.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1062.65
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1024.26
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1070.76
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1027.32~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-02-04
2022-02-04
Lyu Tao
CVE-2022-24448
CVE-2022-24958 on Ubuntu 20.04 LTS (focal) - medium.
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-24958` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1030.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-48.54~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-48.54~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1014.15
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1028.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-48.54~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-48.54~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-48.54~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1014.15
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-02-11
2022-02-11
CVE-2022-24958
CVE-2022-24959 on Ubuntu 20.04 LTS (focal) - negligible.
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. It was discovered that the YAM AX.25 device driver in the Linux kernel did not properly deallocate memory in some error conditions. A local privileged attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2022-24959` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-109.123
linux-image-5.4.0-153-generic-lpae - 5.4.0-109.123
linux-image-unsigned-5.4.0-153-generic - 5.4.0-109.123
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-109.123
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1022.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1077.80
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1022.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1077.80
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1035.38
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1024.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1039.40
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-40.45~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-40.45~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-40.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1020.22
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1011.11
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1024.26
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1070.76
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1059.67
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-109.123
linux-image-5.4.0-105-lowlatency - 5.4.0-109.123
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1072.77
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1022.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1077.80
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1077.80
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1035.38
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1072.77
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1024.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1068.71
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1039.40
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-40.45~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-40.45~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-40.45~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1020.22
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1011.11
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1062.65
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1024.26
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1070.76
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1027.32~20.04.1
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2022 Canonical Ltd.
2022-02-11
2022-02-11
CVE-2022-24959
sbeattie> requires CAP_NET_ADMIN in the init namespace to exploit
CVE-2022-2503 on Ubuntu 20.04 LTS (focal) - medium.
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5. It was discovered that the device-mapper verity (dm-verity) driver in the Linux kernel did not properly verify targets being loaded into the device-mapper table. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-2503` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-126.142
linux-image-5.4.0-153-generic-lpae - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-generic - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-126.142
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1085.92
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1033.37
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1083.91
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1070.80
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-126.142
linux-image-5.4.0-105-lowlatency - 5.4.0-126.142
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1085.92
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1046.51
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1033.37
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1075.80
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1083.91
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1017.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-12
2022-08-12
CVE-2022-2503
CVE-2022-25258 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. It was discovered that the USB gadget subsystem in the Linux kernel did not properly validate interface descriptor requests. An attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-25258` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-110.124
linux-image-5.4.0-153-generic-lpae - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-generic - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-110.124
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1021.23
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1027.30
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1071.77
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1060.68
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-110.124
linux-image-5.4.0-105-lowlatency - 5.4.0-110.124
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1078.81
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1071.76
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1021.23
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1027.30
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1071.77
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1028.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-02-16
2022-02-16
CVE-2022-25258
CVE-2022-25265 on Ubuntu 20.04 LTS (focal) - negligible.
In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2022 Canonical Ltd.
2022-02-16
https://bugzilla.suse.com/show_bug.cgi?id=1196134
https://bugzilla.redhat.com/show_bug.cgi?id=2055499
CVE-2022-25265
sbeattie> this is in place so that ancient binaries will continue to work; if an attacker can link a modern binary to allow this, they could just create and execute a binary. need to validate that we don't ever ship binaries without GNU_PT_STACK
CVE-2022-25375 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. It was discovered that the Remote NDIS (RNDIS) USB gadget implementation in the Linux kernel did not properly validate the size of the RNDIS_MSG_SET command. An attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-25375` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-02-20
2022-02-20
CVE-2022-25375
sbeattie> fix should also include followup commit 65f3324f4b6f ("usb: gadget: rndis: prevent integer overflow in rndis_set_response()")
CVE-2022-25636 on Ubuntu 20.04 LTS (focal) - high.
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-25636` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-104.118
linux-image-5.4.0-153-generic-lpae - 5.4.0-104.118
linux-image-unsigned-5.4.0-153-generic - 5.4.0-104.118
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-104.118
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1072.75
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1072.75
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1030.33
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1067.71
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1036.37
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-35.40~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-35.40~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-35.40~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1017.19
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1010.10
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1058.61
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1027.30
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1066.71
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1055.62
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-104.118
linux-image-5.4.0-105-lowlatency - 5.4.0-104.118
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1068.72
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1072.75
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1017.19~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1072.75
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1030.33
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1067.71
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1065.68
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1036.37
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-35.40~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-35.40~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-35.40~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1017.19
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1010.10
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1058.61
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1027.30
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1066.71
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1021.26~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-02-22
2022-02-22
CVE-2022-25636
CVE-2022-2585 on Ubuntu 20.04 LTS (focal) - high.
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-2585` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-46.49~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1048.55
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-46.49~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-46.49~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1048.55
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-08-09
2022-08-09
cascardo
An independent security researcher working with SSD Secure Disclosure
2022-08-09
CVE-2022-2585
sbeattie> introduced by 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not a task") (v5.7)
CVE-2022-2586 on Ubuntu 20.04 LTS (focal) - high.
It was discovered that an nft object or expression could reference an nft set on a different nft table, leading to a use-after-free once that table was deleted. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-2586` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-124.140
linux-image-5.4.0-153-generic-lpae - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-generic - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-124.140
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1083.90
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1086.94
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1080.86
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-46.49~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1031.35
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1048.55
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1081.89
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1068.78
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-124.140
linux-image-5.4.0-105-lowlatency - 5.4.0-124.140
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1083.90
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1044.49
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1086.94
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1080.86
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-46.49~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1031.35
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1073.78
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-46.49~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1048.55
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1081.89
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-08-09
2022-08-09
cascardo
Team Orca of Sea Security (@seasecresponse) working with Trend Micro's Zero Day Initiative
2022-08-09
CVE-2022-2586
sbeattie> ZDI-CAN-17470
CVE-2022-2588 on Ubuntu 20.04 LTS (focal) - high.
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-2588` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-124.140
linux-image-5.4.0-153-generic-lpae - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-generic - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-124.140
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1083.90
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1086.94
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1080.86
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-46.49~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1031.35
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1048.55
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1081.89
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1068.78
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-124.140
linux-image-5.4.0-105-lowlatency - 5.4.0-124.140
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1083.90
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1044.49
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1086.94
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1080.86
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-46.49~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1031.35
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1073.78
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-46.49~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1048.55
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1081.89
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-08-09
2022-08-09
cascardo
Zhenpeng Lin working with Trend Micro's Zero Day Initiative
2022-08-09
CVE-2022-2588
sbeattie> ZDI-CAN-17440
CVE-2022-2602 on Ubuntu 20.04 LTS (focal) - high.
io_uring UAF, Unix SCM garbage collection. David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-2602` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-131.147
linux-image-5.4.0-153-generic-lpae - 5.4.0-131.147
linux-image-unsigned-5.4.0-153-generic - 5.4.0-131.147
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-131.147
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1088.96
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1049.55
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1092.101
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1056.60
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-52.58~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1036.41
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1054.61
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1086.95
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1021.27~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1073.84
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-131.147
linux-image-5.4.0-105-lowlatency - 5.4.0-131.147
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1088.96
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1049.55
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1092.101
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1056.60
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-52.58~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1036.41
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-52.58~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1054.61
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1086.95
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1021.27~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-10-18
2022-10-18
cascardo
David Bouman and Billy Jheng Bing Jhong working with Trend Micro's Zero Day Initiative
2022-10-18
CVE-2022-2602
sbeattie> ZDI-CAN-17428
CVE-2022-26353 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
Update Instructions:
Run `sudo pro fix CVE-2022-26353` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.23
qemu-block-extra - 1:4.2-3ubuntu6.23
qemu-guest-agent - 1:4.2-3ubuntu6.23
qemu-kvm - 1:4.2-3ubuntu6.23
qemu-system - 1:4.2-3ubuntu6.23
qemu-system-arm - 1:4.2-3ubuntu6.23
qemu-system-common - 1:4.2-3ubuntu6.23
qemu-system-data - 1:4.2-3ubuntu6.23
qemu-system-gui - 1:4.2-3ubuntu6.23
qemu-system-mips - 1:4.2-3ubuntu6.23
qemu-system-misc - 1:4.2-3ubuntu6.23
qemu-system-ppc - 1:4.2-3ubuntu6.23
qemu-system-s390x - 1:4.2-3ubuntu6.23
qemu-system-sparc - 1:4.2-3ubuntu6.23
qemu-system-x86 - 1:4.2-3ubuntu6.23
qemu-system-x86-microvm - 1:4.2-3ubuntu6.23
qemu-system-x86-xen - 1:4.2-3ubuntu6.23
qemu-user - 1:4.2-3ubuntu6.23
qemu-user-binfmt - 1:4.2-3ubuntu6.23
qemu-user-static - 1:4.2-3ubuntu6.23
qemu-utils - 1:4.2-3ubuntu6.23
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-03-16
2022-03-16
mdeslaur
https://bugzilla.redhat.com/show_bug.cgi?id=2063197
CVE-2022-26353
CVE-2022-26354 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
Update Instructions:
Run `sudo pro fix CVE-2022-26354` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.23
qemu-block-extra - 1:4.2-3ubuntu6.23
qemu-guest-agent - 1:4.2-3ubuntu6.23
qemu-kvm - 1:4.2-3ubuntu6.23
qemu-system - 1:4.2-3ubuntu6.23
qemu-system-arm - 1:4.2-3ubuntu6.23
qemu-system-common - 1:4.2-3ubuntu6.23
qemu-system-data - 1:4.2-3ubuntu6.23
qemu-system-gui - 1:4.2-3ubuntu6.23
qemu-system-mips - 1:4.2-3ubuntu6.23
qemu-system-misc - 1:4.2-3ubuntu6.23
qemu-system-ppc - 1:4.2-3ubuntu6.23
qemu-system-s390x - 1:4.2-3ubuntu6.23
qemu-system-sparc - 1:4.2-3ubuntu6.23
qemu-system-x86 - 1:4.2-3ubuntu6.23
qemu-system-x86-microvm - 1:4.2-3ubuntu6.23
qemu-system-x86-xen - 1:4.2-3ubuntu6.23
qemu-user - 1:4.2-3ubuntu6.23
qemu-user-binfmt - 1:4.2-3ubuntu6.23
qemu-user-static - 1:4.2-3ubuntu6.23
qemu-utils - 1:4.2-3ubuntu6.23
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-03-16
2022-03-16
mdeslaur
https://bugzilla.redhat.com/show_bug.cgi?id=2063257
CVE-2022-26354
CVE-2022-26365 on Ubuntu 20.04 LTS (focal) - medium.
Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally, the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-26365` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1055.62
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1055.62
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1018.23~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-05
2022-07-05
Roger Pau Monné
CVE-2022-26365
CVE-2022-26373 on Ubuntu 20.04 LTS (focal) - medium.
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-26373` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1005.7
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1005.7
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1005.7
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-50.56~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1020.24
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-18
2022-08-18
Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba
CVE-2022-26373
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-2639 on Ubuntu 20.04 LTS (focal) - medium.
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. It was discovered that the Open vSwitch implementation in the Linux kernel contained an out-of-bounds write vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-2639` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-122.138
linux-image-5.4.0-153-generic-lpae - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-generic - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-122.138
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1081.88
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1015.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1013.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1029.33
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1079.87
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1066.76
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-122.138
linux-image-5.4.0-105-lowlatency - 5.4.0-122.138
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1081.88
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1015.19~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1042.47
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1013.18~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1029.33
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1042.47
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1079.87
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-01
2022-09-01
CVE-2022-2639
CVE-2022-26490 on Ubuntu 20.04 LTS (focal) - medium.
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. It was discovered that the ST21NFCA NFC driver in the Linux kernel did not properly validate the size of certain data in EVT_TRANSACTION events. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-26490` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-110.124
linux-image-5.4.0-153-generic-lpae - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-generic - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-110.124
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1021.23
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1071.77
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1060.68
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-110.124
linux-image-5.4.0-105-lowlatency - 5.4.0-110.124
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1078.81
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1021.23
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1071.77
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-06
2022-03-06
CVE-2022-26490
CVE-2022-2663 on Ubuntu 20.04 LTS (focal) - medium.
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly match the message. A firewall may be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.
Update Instructions:
Run `sudo pro fix CVE-2022-2663` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-136.153
linux-image-5.4.0-153-generic-lpae - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-generic - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-136.153
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1093.101
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1097.106
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1091.98
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1041.46
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1091.100
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1078.89
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-136.153
linux-image-5.4.0-105-lowlatency - 5.4.0-136.153
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1093.101
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1097.106
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1091.98
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1041.46
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1091.100
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-01
2022-09-01
David Leadbeater
CVE-2022-2663
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-26966 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. It was discovered that the USB SR9700 ethernet device driver for the Linux kernel did not properly validate the length of requests from the device. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-26966` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1028.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-12
2022-03-12
CVE-2022-26966
CVE-2022-27223 on Ubuntu 20.04 LTS (focal) - low.
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. It was discovered that the Xilinx USB2 device gadget driver in the Linux kernel did not properly validate endpoint indices from the host. A physically proximate attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-27223` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-110.124
linux-image-5.4.0-153-generic-lpae - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-generic - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-110.124
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1021.23
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1071.77
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1060.68
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-110.124
linux-image-5.4.0-105-lowlatency - 5.4.0-110.124
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1078.81
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1073.78
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1021.23
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1071.77
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-03-16
2022-03-16
CVE-2022-27223
CVE-2022-27666 on Ubuntu 20.04 LTS (focal) - medium.
A heap buffer overflow flaw was found in the IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with normal user privileges to overwrite kernel heap objects and may lead to local privilege escalation. It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-27666` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-107.121
linux-image-5.4.0-153-generic-lpae - 5.4.0-107.121
linux-image-unsigned-5.4.0-153-generic - 5.4.0-107.121
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-107.121
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1021.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1074.77
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1074.77
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1032.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1069.73
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1067.70
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1038.39
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-39.44~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-39.44~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-39.44~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-39.44~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-39.44~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1019.21
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1061.64
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1031.34
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1069.75
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1058.65
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-107.121
linux-image-5.4.0-105-lowlatency - 5.4.0-107.121
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1071.76
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1021.23~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1074.77
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1021.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1074.77
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1032.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1069.73
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1067.70
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1038.39
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-39.44~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-39.44~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-39.44~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1019.21
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1061.64
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1031.34
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1069.75
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1025.30~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-23
2022-03-23
CVE-2022-27666
CVE-2022-27672 on Ubuntu 20.04 LTS (focal) - medium.
When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure. It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-27672` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1038.45~20.04.1.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1035.41~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1038.45~20.04.1.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-72.79~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1035.41~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-03-01
2023-03-01
CVE-2022-27672
mdeslaur> hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary
CVE-2022-27950 on Ubuntu 20.04 LTS (focal) - medium.
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.
Update Instructions:
Run `sudo pro fix CVE-2022-27950` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-03-28
CVE-2022-27950
CVE-2022-28356 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2022-28356` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-04-02
2022-04-02
赵子轩
CVE-2022-28356
cascardo> LLC sockets are not supported on network namespaces and require CAP_NET_RAW
CVE-2022-28388 on Ubuntu 20.04 LTS (focal) - medium.
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-28388` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-121.137
linux-image-5.4.0-153-generic-lpae - 5.4.0-121.137
linux-image-unsigned-5.4.0-153-generic - 5.4.0-121.137
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-121.137
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1081.88
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-52.59~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-52.59~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-52.59~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-52.59~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-52.59~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1029.33
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1079.87
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1066.76
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-121.137
linux-image-5.4.0-105-lowlatency - 5.4.0-121.137
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1081.88
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-52.59~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-52.59~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-52.59~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1029.33
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1079.87
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-03
2022-04-03
CVE-2022-28388
CVE-2022-28389 on Ubuntu 20.04 LTS (focal) - medium.
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. It was discovered that the Microchip CAN BUS Analyzer interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-28389` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-03
2022-04-03
CVE-2022-28389
CVE-2022-28390 on Ubuntu 20.04 LTS (focal) - medium.
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2022-28390` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1030.36~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-48.54~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-48.54~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1014.15
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1028.31~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1030.36~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-48.54~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-48.54~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-48.54~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1014.15
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-03
2022-04-03
CVE-2022-28390
CVE-2022-2873 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds memory access flaw was found in the Intel iSMT SMBus host controller driver in the Linux kernel, in the way a user triggers I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. Zheyu Ma discovered that the Intel iSMT SMBus host controller driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-2873` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1017.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-22
2022-08-22
Zheyu Ma
https://bugzilla.redhat.com/show_bug.cgi?id=2119048
https://bugzilla.suse.com/show_bug.cgi?id=1202558
CVE-2022-2873
CVE-2022-28893 on Ubuntu 20.04 LTS (focal) - medium.
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. Felix Fu discovered that the Sun RPC implementation in the Linux kernel did not properly handle socket states, leading to a use-after-free vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-28893` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-124.140
linux-image-5.4.0-153-generic-lpae - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-generic - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-124.140
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1083.90
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1086.94
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1080.86
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-43.46~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-43.46~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-43.46~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1031.35
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-43.46~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1081.89
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1068.78
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-124.140
linux-image-5.4.0-105-lowlatency - 5.4.0-124.140
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1083.90
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1044.49
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1086.94
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1080.86
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-43.46~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1031.35
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1073.78
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-43.46~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1081.89
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-11
2022-04-11
Felix Fu
CVE-2022-28893
CVE-2022-2905 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. Hsin-Wei Hung discovered that the BPF subsystem in the Linux kernel contained an out-of-bounds read vulnerability in the x86 JIT compiler. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-2905` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-09
2022-09-09
Hsin-Wei Hung
CVE-2022-2905
sbeattie> unprivileged BPF is disabled by default in Ubuntu kernels; thus administrative privileges are required to exploit this unless a non-default configuration is used where the kernel.unprivileged_bpf_disabled sysctl has been set to 0.
CVE-2022-29156 on Ubuntu 20.04 LTS (focal) - medium.
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. Miaoqian Lin discovered that the RDMA Transport (RTRS) client implementation in the Linux kernel contained a double-free when handling certain error conditions. An attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-29156` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-41.46~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1023.25~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-41.46~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-41.46~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1028.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-04-13
2022-04-13
Miaoqian Lin
CVE-2022-29156
CVE-2022-2938 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
Update Instructions:
Run `sudo pro fix CVE-2022-2938` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-109.123
linux-image-5.4.0-153-generic-lpae - 5.4.0-109.123
linux-image-unsigned-5.4.0-153-generic - 5.4.0-109.123
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-109.123
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1077.80
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1077.80
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1035.38
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1068.71
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1039.40
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1020.22
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1024.26
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1070.76
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1059.67
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-109.123
linux-image-5.4.0-105-lowlatency - 5.4.0-109.123
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1072.77
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1077.80
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1077.80
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1035.38
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1072.77
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1068.71
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1039.40
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1020.22
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1062.65
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1024.26
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1070.76
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-23
CVE-2022-2938
sbeattie> on s390x/focal and newer, CONFIG_PSI_DEFAULT_DISABLED is set (see LP: #1876044), so requires a boot command line argument; other arches have it enabled.
CVE-2022-29581 on Ubuntu 20.04 LTS (focal) - high.
An Improper Update of Reference Count vulnerability in net/sched of the Linux kernel allows a local attacker to escalate privileges to root. This issue affects Linux kernel versions 4.14 and later, prior to 5.18. Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-29581` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-113.127
linux-image-5.4.0-153-generic-lpae - 5.4.0-113.127
linux-image-unsigned-5.4.0-153-generic - 5.4.0-113.127
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-113.127
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1025.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1080.83
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1025.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1080.83
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1036.39
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1043.44
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-44.49~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-44.49~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-44.49~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-44.49~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-44.49~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1023.25
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1038.42
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1073.79
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1062.70
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-113.127
linux-image-5.4.0-105-lowlatency - 5.4.0-113.127
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1075.80
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1025.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1080.83
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1025.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1080.83
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1036.39
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1075.80
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1072.77
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1043.44
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-44.49~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-44.49~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-44.49~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1023.25
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1038.42
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1073.79
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1030.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-05-16
2022-05-16
Kyle Zeng
2022-05-16
CVE-2022-29581
CVE-2022-29582 on Ubuntu 20.04 LTS (focal) - high.
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
Update Instructions:
Run `sudo pro fix CVE-2022-29582` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-21.21~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1011.13~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1008.9~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1009.10~20.04.2
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1008.9~20.04.3
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-21.21~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-21.21~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1011.13~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-04-22
CVE-2022-29582
CVE-2022-2959 on Ubuntu 20.04 LTS (focal) - medium.
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. Selim Enes Karaduman discovered that a race condition existed in the pipe buffers implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly escalate privileges.
Update Instructions:
Run `sudo pro fix CVE-2022-2959` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-25
2022-08-25
Selim Enes Karaduman
CVE-2022-2959
CVE-2022-2964 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. Jann Horn discovered that the ASIX AX88179/178A USB Ethernet driver in the Linux kernel contained multiple out-of-bounds vulnerabilities. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-2964` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-110.124
linux-image-5.4.0-153-generic-lpae - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-generic - 5.4.0-110.124
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-110.124
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1021.23
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1063.66
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1027.30
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1071.77
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1060.68
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-110.124
linux-image-5.4.0-105-lowlatency - 5.4.0-110.124
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1073.78
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1078.81
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1078.81
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1073.78
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1040.41
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1021.23
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1063.66
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1027.30
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1071.77
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-09
2022-09-09
Jann Horn
CVE-2022-2964
CVE-2022-2978 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the Linux kernel NILFS file system in the way a user triggers the function security_inode_alloc to fail, followed by a call to the function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-2978` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-24
2022-08-24
butt3rflyh4ck, Hao Sun, and Jiacheng Xu
https://bugzilla.redhat.com/show_bug.cgi?id=2120664
CVE-2022-2978
sbeattie> unfixed upstream as of 2022/09/24
CVE-2022-29900 on Ubuntu 20.04 LTS (focal) - medium.
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 processors, the branch predictor could be mis-trained for return instructions in certain circumstances. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-29900` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-46.49~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1016.20~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-46.49~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-46.49~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-12
2022-07-12
Johannes Wikner and Kaveh Razavi
2022-07-12
CVE-2022-29900
sbeattie> RetBleed on AMD Zen 1 and Zen 2 processors
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-29901 on Ubuntu 20.04 LTS (focal) - medium.
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-29901` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-46.49~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1006.8
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1006.8
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-46.49~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1017.19~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-46.49~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1006.8
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-46.49~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-46.49~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1020.24
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-12
2022-07-12
Johannes Wikner and Kaveh Razavi
2022-07-12
CVE-2022-29901
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-3028 on Ubuntu 20.04 LTS (focal) - medium.
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-3028` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-31
2022-08-31
Abhishek Shah
CVE-2022-3028
CVE-2022-30594 on Ubuntu 20.04 LTS (focal) - medium.
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions.
Update Instructions:
Run `sudo pro fix CVE-2022-30594` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-113.127
linux-image-5.4.0-153-generic-lpae - 5.4.0-113.127
linux-image-unsigned-5.4.0-153-generic - 5.4.0-113.127
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-113.127
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1025.27~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1080.83
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1025.29~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1080.83
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1036.39
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1072.77
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1043.44
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-44.49~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-44.49~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-44.49~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-44.49~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-44.49~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1023.25
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1073.79
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1062.70
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-113.127
linux-image-5.4.0-105-lowlatency - 5.4.0-113.127
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1075.80
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1025.27~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1080.83
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1025.29~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1080.83
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1036.39
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1075.80
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1027.32~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1072.77
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1043.44
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-44.49~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-44.49~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-44.49~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1023.25
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1073.79
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1030.35~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-05-12
2022-05-12
Jann Horn
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1972740
CVE-2022-30594
sbeattie> PoC in the project zero post
CVE-2022-3061 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel's i740 driver. A userspace program could pass any values to the driver through the ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-3061` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-136.153
linux-image-5.4.0-153-generic-lpae - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-generic - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-136.153
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1093.101
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1097.106
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1091.98
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1041.46
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1059.67
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1091.100
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1078.89
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-136.153
linux-image-5.4.0-105-lowlatency - 5.4.0-136.153
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1093.101
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1097.106
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1091.98
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1041.46
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1059.67
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1091.100
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-01
2022-09-01
CVE-2022-3061
CVE-2022-3077 on Ubuntu 20.04 LTS (focal) - medium.
A buffer overflow vulnerability was found in the Linux kernel's Intel iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.
Update Instructions:
Run `sudo pro fix CVE-2022-3077` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1017.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-09
Zheyu Ma
https://bugzilla.redhat.com/show_bug.cgi?id=2123309
CVE-2022-3077
CVE-2022-3104 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks a check of the return value of kmalloc() and will cause a null pointer dereference.
Update Instructions:
Run `sudo pro fix CVE-2022-3104` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1045.51
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1045.51
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1018.23~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-14
CVE-2022-3104
CVE-2022-3107 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks a check of the return value of kvmalloc_array(), which will cause a null pointer dereference.
Update Instructions:
Run `sudo pro fix CVE-2022-3107` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-14
CVE-2022-3107
CVE-2022-3108 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks a check of the return value of kmemdup(). Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-3108` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-147.164
linux-image-5.4.0-153-generic-lpae - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-generic - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-147.164
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1100.108
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1062.68
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1103.112
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1097.104
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1089.95
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1033.36
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1099.108
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1083.94
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-147.164
linux-image-5.4.0-105-lowlatency - 5.4.0-147.164
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1100.108
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1062.68
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1103.112
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1097.104
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1047.52
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1089.95
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1033.36
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1099.108
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-14
2022-12-14
Jiasheng Jiang
https://bugzilla.redhat.com/show_bug.cgi?id=2153052
CVE-2022-3108
CVE-2022-3110 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks a check of the return value of rtw_alloc_hwxmits(), which will cause a null pointer dereference.
Update Instructions:
Run `sudo pro fix CVE-2022-3110` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1018.23~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-14
CVE-2022-3110
CVE-2022-3111 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks a free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger(). Jiasheng Jiang discovered that the wm8350 charger driver in the Linux kernel did not properly deallocate memory, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-3111` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-14
2022-12-14
Jiasheng Jiang
CVE-2022-3111
CVE-2022-3115 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks a check of the return value of kzalloc(), which will cause a null pointer dereference.
Update Instructions:
Run `sudo pro fix CVE-2022-3115` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-126.142
linux-image-5.4.0-153-generic-lpae - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-generic - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-126.142
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1085.92
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1033.37
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1045.51
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1083.91
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1070.80
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-126.142
linux-image-5.4.0-105-lowlatency - 5.4.0-126.142
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1085.92
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1046.51
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1033.37
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1075.80
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1045.51
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1083.91
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1017.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-12-14
CVE-2022-3115
cascardo> vulnerability is only reachable at bind time
CVE-2022-3169 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-3169` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-09
2022-09-09
https://bugzilla.redhat.com/show_bug.cgi?id=2125341
https://bugzilla.kernel.org/show_bug.cgi?id=214771
CVE-2022-3169
sbeattie> probably introduced more recently than b60503ba432b ("NVMe: New driver")
CVE-2022-3176 on Ubuntu 20.04 LTS (focal) - medium.
There exists a use-after-free in io_uring in the Linux kernel. signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659. Eric Biggers discovered that a use-after-free vulnerability existed in the io_uring subsystem in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-3176` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-50.56~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1019.24~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-16
2022-09-16
Eric Biggers
CVE-2022-3176
CVE-2022-3202 on Ubuntu 20.04 LTS (focal) - low.
A NULL pointer dereference flaw exists in diFree in fs/jfs/inode.c in the Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. It was discovered that the Journaled File System (JFS) in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-3202` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-09-14
2022-09-14
CVE-2022-3202
CVE-2022-32250 on Ubuntu 20.04 LTS (focal) - high.
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle non-stateful expressions in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-32250` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1031-aws - 5.13.0-1028.31~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.13.0-1031-azure - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.13.0-1033-gcp - 5.13.0-1030.36~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1012.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-52-generic - 5.13.0-48.54~20.04.1
linux-image-5.13.0-52-generic-lpae - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-generic - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-generic-64k - 5.13.0-48.54~20.04.1
linux-image-unsigned-5.13.0-52-lowlatency - 5.13.0-48.54~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.13.0-1017-intel - 5.13.0-1014.15
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.13.0-1036-oracle - 5.13.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1019-aws - 5.13.0-1028.31~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.13.0-1017-azure - 5.13.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1013.16~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.13.0-1021-gcp - 5.13.0-1030.36~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1012.17~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.13.0-37-generic - 5.13.0-48.54~20.04.1
linux-image-5.13.0-37-generic-64k - 5.13.0-48.54~20.04.1
linux-image-5.13.0-37-lowlatency - 5.13.0-48.54~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.13.0-1007-intel - 5.13.0-1014.15
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1042.47
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.13.0-1021-oracle - 5.13.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-06-02
Aaron Adams
CVE-2022-32250
mdeslaur> possible dupe of CVE-2022-1966 sbeattie> addresses ZDI-CAN-17442 and ZDI-CAN-17443
CVE-2022-32296 on Ubuntu 20.04 LTS (focal) - medium.
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2022-32296` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-126.142
linux-image-5.4.0-153-generic-lpae - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-generic - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-126.142
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1085.92
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1033.37
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1083.91
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1070.80
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-126.142
linux-image-5.4.0-105-lowlatency - 5.4.0-126.142
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1085.92
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1046.51
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1033.37
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1075.80
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1044.49
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1083.91
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-05
2022-06-05
Moshe Kol, Amit Klein and Yossi Gilad
https://bugzilla.redhat.com/show_bug.cgi?id=2096901
https://bugzilla.redhat.com/show_bug.cgi?id=2064604
CVE-2022-32296
sbeattie> this is likely a duplicate of CVE-2022-1012
CVE-2022-3239 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the Linux kernel video4linux driver in the way a user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-3239` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-117.132
linux-image-5.4.0-153-generic-lpae - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-generic - 5.4.0-117.132
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-117.132
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1040.44
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1074.79
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1026.29
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1068.72
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1076.83
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1065.75
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-117.132
linux-image-5.4.0-105-lowlatency - 5.4.0-117.132
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1083.87
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1040.44
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1074.79
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1046.48
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1026.29
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1076.83
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-19
2022-09-19
CVE-2022-3239
CVE-2022-32981 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-10
CVE-2022-32981
CVE-2022-3303 on Ubuntu 20.04 LTS (focal) - medium.
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition. It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-3303` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-136.153
linux-image-5.4.0-153-generic-lpae - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-generic - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-136.153
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1093.101
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1097.106
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1091.98
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1041.46
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1091.100
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1078.89
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-136.153
linux-image-5.4.0-105-lowlatency - 5.4.0-136.153
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1093.101
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1097.106
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1091.98
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1041.46
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1091.100
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-27
2022-09-27
butt3rflyh4ck
CVE-2022-3303
CVE-2022-3344 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). Maxim Levitsky discovered that the KVM nested virtualization (SVM) implementation for AMD processors in the Linux kernel did not properly handle nested shutdown execution. An attacker in a guest VM could use this to cause a denial of service (host kernel crash).
Update Instructions:
Run `sudo pro fix CVE-2022-3344` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-25
2022-10-25
Maxim Levitsky
https://bugzilla.redhat.com/show_bug.cgi?id=2130278
CVE-2022-3344
sbeattie> it's possible only the first two commits are necessary
CVE-2022-33740 on Ubuntu 20.04 LTS (focal) - medium.
Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-33740` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1018.23~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-05
2022-07-05
Roger Pau Monné
CVE-2022-33740
CVE-2022-33741 on Ubuntu 20.04 LTS (focal) - medium.
Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-33741` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1018.23~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-05
2022-07-05
CVE-2022-33741
CVE-2022-33742 on Ubuntu 20.04 LTS (focal) - medium.
Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-33742` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1018.23~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-05
2022-07-05
CVE-2022-33742
CVE-2022-33743 on Ubuntu 20.04 LTS (focal) - medium.
Network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. Jan Beulich discovered that the Xen network device frontend driver in the Linux kernel incorrectly handled socket buffer (skb) references when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash).
Update Instructions:
Run `sudo pro fix CVE-2022-33743` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1055.62
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1055.62
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1018.23~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-05
2022-07-05
Jan Beulich
CVE-2022-33743
CVE-2022-33744 on Ubuntu 20.04 LTS (focal) - medium.
Arm guests can cause Dom0 DoS via PV devices. When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS.
Update Instructions:
Run `sudo pro fix CVE-2022-33744` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1018.23~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-05
2022-07-05
Oleksandr Tyshchenko
CVE-2022-33744
sbeattie> according to the Xen advisory, introduced in 3.13.
CVE-2022-33981 on Ubuntu 20.04 LTS (focal) - medium.
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. Minh Yuan discovered that the floppy driver in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-33981` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-122.138
linux-image-5.4.0-153-generic-lpae - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-generic - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-122.138
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1081.88
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1015.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1013.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1029.33
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1079.87
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1066.76
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-122.138
linux-image-5.4.0-105-lowlatency - 5.4.0-122.138
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1081.88
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1015.19~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1042.47
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1013.18~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1029.33
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1042.47
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1079.87
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-18
2022-06-18
Minh Yuan
CVE-2022-33981
CVE-2022-3424 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-3424` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-10
2022-10-10
https://bugzilla.redhat.com/show_bug.cgi?id=2132640
https://bugzilla.suse.com/show_bug.cgi?id=1204166
CVE-2022-3424
sbeattie> unfixed upstream as of 2022/11/28
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.
CVE-2022-3435 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. Gwangun Jung discovered a race condition in the IPv4 implementation in the Linux kernel when deleting multipath routes, resulting in an out-of-bounds read. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-3435` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-08
2022-10-08
Gwangun Jung
CVE-2022-3435
CVE-2022-34494 on Ubuntu 20.04 LTS (focal) - medium.
rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. It was discovered that the virtio RPMSG bus driver in the Linux kernel contained a double-free vulnerability in certain error conditions. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-34494` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1045.51
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1045.51
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1018.23~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-26
2022-06-26
CVE-2022-34494
CVE-2022-34495 on Ubuntu 20.04 LTS (focal) - medium.
rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. It was discovered that the virtio RPMSG bus driver in the Linux kernel contained a double-free vulnerability in certain error conditions. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-34495` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1045.51
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1045.51
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1018.23~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-26
2022-06-26
CVE-2022-34495
CVE-2022-34918 on Ubuntu 20.04 LTS (focal) - high.
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations.
Update Instructions:
Run `sudo pro fix CVE-2022-34918` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-124.140
linux-image-5.4.0-153-generic-lpae - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-generic - 5.4.0-124.140
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-124.140
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1083.90
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1086.94
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1080.86
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-43.46~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-43.46~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-43.46~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1031.35
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1073.78
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-43.46~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1046.53
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1081.89
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1016.20~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1068.78
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-124.140
linux-image-5.4.0-105-lowlatency - 5.4.0-124.140
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1083.90
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1017.21~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1089.94
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1017.20~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1044.49
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1086.94
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1080.86
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1014.17~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1051.54
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-43.46~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1031.35
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1073.78
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-43.46~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-43.46~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1046.53
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1081.89
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1016.20~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-07-04
2022-07-04
Arthur Mongodin
CVE-2022-34918
CVE-2022-3521 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability. It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-3521` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-16
2022-10-16
CVE-2022-3521
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-3524 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2022-3524` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-135.152
linux-image-5.4.0-153-generic-lpae - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-generic - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-135.152
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1092.100
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1096.105
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1090.97
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1040.45
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1082.88
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1055.62
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1090.99
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1025.31~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1077.88
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-135.152
linux-image-5.4.0-105-lowlatency - 5.4.0-135.152
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1092.100
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1096.105
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1090.97
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1040.45
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1082.88
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-56.62~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1055.62
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1090.99
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1025.31~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-16
2022-10-16
CVE-2022-3524
CVE-2022-3543 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211043. It was discovered that a memory leak existed in the Unix domain socket implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2022-3543` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1029.35~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-60.66~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1029.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-17
2022-10-17
CVE-2022-3543
CVE-2022-3545 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability has been found in the Linux kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to a use-after-free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-3545` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1057.64
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1057.64
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-17
2022-10-17
CVE-2022-3545
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-3564 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability classified as critical was found in the Linux kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to a use-after-free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-3564` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-135.152
linux-image-5.4.0-153-generic-lpae - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-generic - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-135.152
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1092.100
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1096.105
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1090.97
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1040.45
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1082.88
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1055.62
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1090.99
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1025.31~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1077.88
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-135.152
linux-image-5.4.0-105-lowlatency - 5.4.0-135.152
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1092.100
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1096.105
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1090.97
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1040.45
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1082.88
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-56.62~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1055.62
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1090.99
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1025.31~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-17
2022-10-17
CVE-2022-3564
CVE-2022-3565 on Ubuntu 20.04 LTS (focal) - low.
A vulnerability, which was classified as critical, has been found in the Linux kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to a use-after-free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088. It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-3565` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-135.152
linux-image-5.4.0-153-generic-lpae - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-generic - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-135.152
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1092.100
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1096.105
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1090.97
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1040.45
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1082.88
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1058.66
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1090.99
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1025.31~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1077.88
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-135.152
linux-image-5.4.0-105-lowlatency - 5.4.0-135.152
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1092.100
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1096.105
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1090.97
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1040.45
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1082.88
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-56.62~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1058.66
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1090.99
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1025.31~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-10-17
2022-10-17
CVE-2022-3565
CVE-2022-3566 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability, which was classified as problematic, was found in the Linux kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to a race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors.
Update Instructions:
Run `sudo pro fix CVE-2022-3566` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-135.152
linux-image-5.4.0-153-generic-lpae - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-generic - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-135.152
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1092.100
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1096.105
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1090.97
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1040.45
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1082.88
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1055.62
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1090.99
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1025.31~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1077.88
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-135.152
linux-image-5.4.0-105-lowlatency - 5.4.0-135.152
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1092.100
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1096.105
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1090.97
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1040.45
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1082.88
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-56.62~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1055.62
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1090.99
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1025.31~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-17
2022-10-17
CVE-2022-3566
CVE-2022-3567 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability has been found in the Linux kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to a race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors.
Update Instructions:
Run `sudo pro fix CVE-2022-3567` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-135.152
linux-image-5.4.0-153-generic-lpae - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-generic - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-135.152
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1092.100
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1096.105
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1090.97
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1040.45
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1082.88
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1055.62
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1090.99
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1025.31~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1077.88
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-135.152
linux-image-5.4.0-105-lowlatency - 5.4.0-135.152
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1092.100
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1096.105
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1090.97
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1040.45
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1082.88
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-56.62~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1055.62
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1090.99
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1025.31~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-17
2022-10-17
CVE-2022-3567
CVE-2022-3577 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash the system or potentially escalate their privileges. The flaw is in bigben_probe of drivers/hid/hid-bigbenff.c. The cause is an incorrect assumption that all bigben devices have inputs; a malicious device can break this assumption, leading to an out-of-bounds write.
Update Instructions:
Run `sudo pro fix CVE-2022-3577` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-126.142
linux-image-5.4.0-153-generic-lpae - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-generic - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-126.142
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1085.92
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1033.37
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1045.51
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1083.91
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1070.80
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-126.142
linux-image-5.4.0-105-lowlatency - 5.4.0-126.142
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1085.92
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1046.51
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1017.23~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1015.18~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1033.37
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1015.20~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1075.80
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1045.51
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1083.91
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1017.22~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-20
CVE-2022-3577
CVE-2022-3586 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-3586` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-136.153
linux-image-5.4.0-153-generic-lpae - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-generic - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-136.153
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1093.101
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1097.106
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1091.98
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1041.46
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1091.100
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1078.89
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-136.153
linux-image-5.4.0-105-lowlatency - 5.4.0-136.153
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1093.101
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1097.106
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1091.98
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1041.46
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1091.100
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-19
2022-10-19
Gwnaun Jung
CVE-2022-3586
sbeattie> ZDI-CAN-18231
CVE-2022-3594 on Ubuntu 20.04 LTS (focal) - negligible.
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2022-3594` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-135.152
linux-image-5.4.0-153-generic-lpae - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-generic - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-135.152
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1092.100
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1096.105
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1090.97
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1040.45
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1082.88
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1055.62
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1090.99
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1025.31~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1077.88
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-135.152
linux-image-5.4.0-105-lowlatency - 5.4.0-135.152
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1092.100
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1096.105
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1090.97
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1040.45
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1082.88
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-56.62~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1055.62
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1090.99
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1025.31~20.04.2
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2022 Canonical Ltd.
2022-10-18
2022-10-18
CVE-2022-3594
CVE-2022-36123 on Ubuntu 20.04 LTS (focal) - medium.
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.
Update Instructions:
Run `sudo pro fix CVE-2022-36123` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-29
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-36123
CVE-2022-36123
CVE-2022-3619 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability. It was discovered that the Bluetooth HCI implementation in the Linux kernel did not properly deallocate memory in some situations. An attacker could possibly use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2022-3619` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1029.35~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-60.66~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1029.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-20
2022-10-20
CVE-2022-3619
sbeattie> Subject "Bluetooth: L2CAP: Fix memory leak in vhci_write"
CVE-2022-3621 on Ubuntu 20.04 LTS (focal) - low.
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-3621` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-135.152
linux-image-5.4.0-153-generic-lpae - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-generic - 5.4.0-135.152
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-135.152
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1092.100
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1096.105
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1090.97
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1040.45
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1082.88
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1055.62
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1090.99
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1025.31~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1077.88
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-135.152
linux-image-5.4.0-105-lowlatency - 5.4.0-135.152
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1092.100
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1098.104
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1096.105
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1090.97
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1060.64
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1040.45
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1082.88
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-56.62~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1055.62
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1090.99
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1025.31~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-10-20
2022-10-20
CVE-2022-3621
CVE-2022-3623 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability. It was discovered that the hugetlb implementation in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-3623` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1029.35~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-60.66~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1029.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-20
2022-10-20
CVE-2022-3623
CVE-2022-3625 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. It was discovered that the Netlink device interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability with some network device drivers. A local attacker with admin access to the network device could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-3625` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-21
2022-10-21
CVE-2022-3625
cascardo> The reported vulnerability is on mlxsw driver, and the Fixes: commit is the one introducing that vulnerability, which would be 98bbf70c1c41fb9547c3a18c0f1b96f6ebb8eb1d. However, we are opting to use 45f05def5c44c806f094709f1c9b03dcecdd54f0 as the introducing commit in case other drivers or the same driver decide to rely on that mitigation and introduce new features with the same kind of vulnerability.
CVE-2022-3628 on Ubuntu 20.04 LTS (focal) - medium.
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-3628` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-139.156
linux-image-5.4.0-153-generic-lpae - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-generic - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-139.156
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1096.104
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1058.64
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1100.109
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1094.101
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1086.92
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1059.67
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1029.35~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1080.91
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-139.156
linux-image-5.4.0-105-lowlatency - 5.4.0-139.156
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1096.104
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1058.64
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1100.109
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1094.101
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1044.49
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1086.92
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-60.66~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1059.67
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1029.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-31
2022-10-31
CVE-2022-3628
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-36280 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds (OOB) memory access vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in the GPU component of the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-36280` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1059.67
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1059.67
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-09
2022-09-09
Ziming Zhang
https://bugzilla.openanolis.cn/show_bug.cgi?id=2071
https://bugzilla.suse.com/show_bug.cgi?id=1203332
CVE-2022-36280
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.
CVE-2022-3629 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.
Update Instructions:
Run `sudo pro fix CVE-2022-3629` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-21
CVE-2022-3629
CVE-2022-3633 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.
Update Instructions:
Run `sudo pro fix CVE-2022-3633` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-21
CVE-2022-3633
CVE-2022-3635 on Ubuntu 20.04 LTS (focal) - negligible.
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-3635` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-unsigned-5.15.0-1023-gkeop - 5.15.0-1008.12~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1006.8
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1006.8
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-1023-gkeop - 5.15.0-1008.12~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1006.8
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1020.24
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2022 Canonical Ltd.
2022-10-21
2022-10-21
CVE-2022-3635
sbeattie> this issue has nothing to do with IPSec directly as it affects an ATM network device driver.
CVE-2022-3640 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-3640` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-139.156
linux-image-5.4.0-153-generic-lpae - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-generic - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-139.156
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1096.104
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1058.64
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1100.109
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1094.101
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1086.92
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1029.35~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1080.91
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-139.156
linux-image-5.4.0-105-lowlatency - 5.4.0-139.156
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1096.104
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1058.64
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1100.109
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1094.101
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1044.49
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1086.92
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-60.66~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1029.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-21
2022-10-21
CVE-2022-3640
sbeattie> fix is 42cf46dea9 ("Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()") on the bluetooth-next tree.
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-3643 on Ubuntu 20.04 LTS (focal) - medium.
Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux-based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB, and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtreme II BCM5780 (bnx2x), though it may be an issue with other NICs/drivers as well. If the frontend sends requests with split headers, netback will forward them to the networking core, violating the above-mentioned assumption and resulting in said misbehavior. It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability).
Update Instructions:
Run `sudo pro fix CVE-2022-3643` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-137.154
linux-image-5.4.0-153-generic-lpae - 5.4.0-137.154
linux-image-unsigned-5.4.0-153-generic - 5.4.0-137.154
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-137.154
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1094.102
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1028.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1101.107
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1101.107
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1058.64
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1098.107
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1027.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1094.101
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1062.66
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-58.64~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1042.47
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1092.101
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1079.90
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-137.154
linux-image-5.4.0-105-lowlatency - 5.4.0-137.154
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1094.102
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1028.32~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1101.107
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1101.107
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1058.64
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1098.107
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1027.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1094.101
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1062.66
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-58.64~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1042.47
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1092.101
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-07
2022-12-07
CVE-2022-3643
CVE-2022-3646 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2022-3646` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-136.153
linux-image-5.4.0-153-generic-lpae - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-generic - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-136.153
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1093.101
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1097.106
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1091.98
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1041.46
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1059.67
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1091.100
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1078.89
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-136.153
linux-image-5.4.0-105-lowlatency - 5.4.0-136.153
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1093.101
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1097.106
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1091.98
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1041.46
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1059.67
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1091.100
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-21
2022-10-21
CVE-2022-3646
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-3649 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-3649` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-139.156
linux-image-5.4.0-153-generic-lpae - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-generic - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-139.156
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1096.104
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1058.64
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1100.109
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1094.101
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1086.92
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1059.67
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1080.91
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-139.156
linux-image-5.4.0-105-lowlatency - 5.4.0-139.156
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1096.104
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1058.64
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1100.109
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1094.101
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1044.49
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1086.92
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1059.67
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-21
2022-10-21
Khalid Masum and syzbot
CVE-2022-3649
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-36879 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-36879` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-128.144
linux-image-5.4.0-153-generic-lpae - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-generic - 5.4.0-128.144
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-128.144
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1090.98
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1034.38
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1076.81
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1058.66
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1071.81
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-128.144
linux-image-5.4.0-105-lowlatency - 5.4.0-128.144
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1047.52
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1090.98
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1084.90
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1054.57
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1034.38
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1076.81
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-50.56~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1058.66
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1019.24~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-27
2022-07-27
CVE-2022-36879
CVE-2022-36946 on Ubuntu 20.04 LTS (focal) - medium.
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-36946` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-126.142
linux-image-5.4.0-153-generic-lpae - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-generic - 5.4.0-126.142
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-126.142
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1085.92
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1033.37
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1075.80
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-48.54~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1050.57
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1083.91
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1070.80
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-126.142
linux-image-5.4.0-105-lowlatency - 5.4.0-126.142
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1085.92
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1020.24~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1091.96
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1046.51
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1018.24~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1016.19~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1053.56
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-48.54~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1033.37
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1016.21~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1075.80
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-48.54~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-48.54~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1050.57
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1083.91
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-07-27
2022-07-27
Domingo Dirutigliano and Nicola Guerrera
https://bugzilla.redhat.com/show_bug.cgi?id=2115278
CVE-2022-36946
CVE-2022-3903 on Ubuntu 20.04 LTS (focal) - low.
An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2022-3903` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-147.164
linux-image-5.4.0-153-generic-lpae - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-generic - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-147.164
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1100.108
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1062.68
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1103.112
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1097.104
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1089.95
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1099.108
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1083.94
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-147.164
linux-image-5.4.0-105-lowlatency - 5.4.0-147.164
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1100.108
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1062.68
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1103.112
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1097.104
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1047.52
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1089.95
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1099.108
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-11-14
2022-11-14
https://bugzilla.redhat.com/show_bug.cgi?id=2140985
https://bugzilla.suse.com/show_bug.cgi?id=1205220
CVE-2022-3903
CVE-2022-39188 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-39188` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-136.153
linux-image-5.4.0-153-generic-lpae - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-generic - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-136.153
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1093.101
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1097.106
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1091.98
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1041.46
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1091.100
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1078.89
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-136.153
linux-image-5.4.0-105-lowlatency - 5.4.0-136.153
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1093.101
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1097.106
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1091.98
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1041.46
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1091.100
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-02
2022-09-02
Jann Horn
CVE-2022-39188
sbeattie> for backports, see JannH's post to the stable list
rodrigo-zaiden> for 5.4 kernels, two follow up commits are needed. in upstream they are: b67fbebd4cf9 and b67fbebd4cf98, they were adjusted in ubuntu kernel to match the needs.
CVE-2022-39189 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. Jann Horn discovered that the KVM subsystem in the Linux kernel did not properly handle TLB flush operations in some situations. A local attacker in a guest VM could use this to cause a denial of service (guest crash) or possibly execute arbitrary code in the guest kernel.
Update Instructions:
Run `sudo pro fix CVE-2022-39189` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-50.56~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1019.24~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1021.25~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-50.56~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1017.22~20.04.1
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-50.56~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-50.56~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1019.24~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-02
2022-09-02
Jann Horn
CVE-2022-39189
CVE-2022-39190 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. Gwangun Jung discovered that the netfilter subsystem in the Linux kernel did not properly prevent binding to an already bound chain. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-39190` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-02
2022-09-02
Gwangun Jung
CVE-2022-39190
CVE-2022-39842 on Ubuntu 20.04 LTS (focal) - low.
** DISPUTED ** An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen. Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-39842` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-136.153
linux-image-5.4.0-153-generic-lpae - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-generic - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-136.153
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1093.101
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1097.106
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1091.98
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1041.46
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1091.100
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1078.89
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-136.153
linux-image-5.4.0-105-lowlatency - 5.4.0-136.153
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1093.101
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1097.106
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1091.98
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1041.46
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1083.89
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1091.100
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-09-05
2022-09-05
Hyunwoo Kim
CVE-2022-39842
cascardo> Since Linux limits read/write calls to MAX_RW_COUNT, this cannot be exploited.
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-40307 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-40307` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-136.153
linux-image-5.4.0-153-generic-lpae - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-generic - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-136.153
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1093.101
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1097.106
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1091.98
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1041.46
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1091.100
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1078.89
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-136.153
linux-image-5.4.0-105-lowlatency - 5.4.0-136.153
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1093.101
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1097.106
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1091.98
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1041.46
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1091.100
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-09
2022-09-09
CVE-2022-40307
CVE-2022-40768 on Ubuntu 20.04 LTS (focal) - medium.
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-40768` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1054.61
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1054.61
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-09-18
2022-09-18
Xingyuan Mo and Gengjia Chen
CVE-2022-40768
CVE-2022-4095 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in the Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-4095` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-136.153
linux-image-5.4.0-153-generic-lpae - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-generic - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-136.153
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1093.101
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1097.106
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1091.98
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1041.46
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1091.100
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1078.89
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-136.153
linux-image-5.4.0-105-lowlatency - 5.4.0-136.153
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1093.101
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1097.106
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1091.98
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1041.46
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1091.100
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-11-22
2022-11-22
Zheng Wang and Zhuorao Yang
CVE-2022-4095
CVE-2022-41218 on Ubuntu 20.04 LTS (focal) - low.
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-41218` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-09-21
2022-09-21
Hyunwoo Kim
CVE-2022-41218
cascardo> requires physical access to disconnect
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.
CVE-2022-41222 on Ubuntu 20.04 LTS (focal) - high.
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-41222` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-09-21
2022-09-21
CVE-2022-41222
CVE-2022-4129 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. Haowei Yan discovered that a race condition existed in the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-4129` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-147.164
linux-image-5.4.0-153-generic-lpae - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-generic - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-147.164
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1100.108
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1062.68
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1103.112
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1097.104
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1016.17
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1016.17
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1089.95
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1099.108
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1083.94
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-147.164
linux-image-5.4.0-105-lowlatency - 5.4.0-147.164
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1100.108
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1062.68
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1103.112
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1097.104
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1047.52
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1089.95
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-70.77~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1099.108
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-11-28
2022-11-28
Haowei Yan
CVE-2022-4129
CVE-2022-4139 on Ubuntu 20.04 LTS (focal) - medium.
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. It was discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-4139` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1057.64
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1057.64
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-27
2023-01-27
CVE-2022-4139
cengizcan> Although announced break commit was backported to all v4.4 and up, actual CVE does not affect anything below v5.4 because i915 Gen 12 is not supported until v5.4.
CVE-2022-41674 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. Sönke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-41674` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
backport-iwlwifi-dkms - 8324-0ubuntu3~20.04.5
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-131.147
linux-image-5.4.0-153-generic-lpae - 5.4.0-131.147
linux-image-unsigned-5.4.0-153-generic - 5.4.0-131.147
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-131.147
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1088.96
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1049.55
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1092.101
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1056.60
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-52.58~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1036.41
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1054.61
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1086.95
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1021.27~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1073.84
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-131.147
linux-image-5.4.0-105-lowlatency - 5.4.0-131.147
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1088.96
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1049.55
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1092.101
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1056.60
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-52.58~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1036.41
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-52.58~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1054.61
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1086.95
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1021.27~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-14
2022-10-14
Sönke Huster
CVE-2022-41674
rodrigo-zaiden> it was claimed by the reporter that with the fix for this CVE applied, a slab-out-of-bounds issue might arise and, as it is not harmful, there is no additional CVE for it, but the fix for this followup issue is commit 567e14e3.
CVE-2022-41849 on Ubuntu 20.04 LTS (focal) - low.
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-41849` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-139.156
linux-image-5.4.0-153-generic-lpae - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-generic - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-139.156
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1096.104
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1058.64
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1100.109
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1094.101
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1086.92
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1029.35~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1080.91
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-139.156
linux-image-5.4.0-105-lowlatency - 5.4.0-139.156
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1096.104
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1058.64
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1100.109
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1094.101
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1044.49
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1086.92
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-60.66~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1029.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-09-30
2022-09-30
CVE-2022-41849
sbeattie> requires removing the USB device which usually requires physical proximity, therefore marking the priority of this issue as low. rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-41850 on Ubuntu 20.04 LTS (focal) - low.
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-41850` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-139.156
linux-image-5.4.0-153-generic-lpae - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-generic - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-139.156
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1096.104
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1058.64
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1100.109
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1094.101
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1086.92
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1059.67
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1029.35~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1080.91
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-139.156
linux-image-5.4.0-105-lowlatency - 5.4.0-139.156
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1096.104
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1058.64
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1100.109
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1094.101
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1044.49
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1086.92
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-60.66~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1059.67
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1029.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-09-30
2022-09-30
CVE-2022-41850
sbeattie> requires a malicious roccat device to exploit, reduced priority to low. rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-41858 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. Duoming Zhou discovered that a race condition existed in the SLIP driver in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-41858` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-122.138
linux-image-5.4.0-153-generic-lpae - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-generic - 5.4.0-122.138
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-122.138
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1081.88
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1042.47
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1084.92
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-41.44~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1029.33
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1071.76
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-42.45~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1036.40
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1079.87
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1066.76
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-122.138
linux-image-5.4.0-105-lowlatency - 5.4.0-122.138
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1081.88
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1086.91
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1008.9~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1042.47
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1084.92
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1049.52
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-41.44~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-41.44~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1029.33
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1008.11~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1071.76
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-42.45~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-42.45~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1036.40
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1079.87
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-17
2023-01-17
Duoming Zhou
CVE-2022-41858
CVE-2022-42328 on Ubuntu 20.04 LTS (focal) - medium.
Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock).
Update Instructions:
Run `sudo pro fix CVE-2022-42328` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-07
2022-12-07
CVE-2022-42328
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-42329 on Ubuntu 20.04 LTS (focal) - medium.
Guests can trigger deadlock in Linux netback driver. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally, when dropping packets for other reasons, the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock).
Update Instructions:
Run `sudo pro fix CVE-2022-42329` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-07
2022-12-07
CVE-2022-42329
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-4269 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock).
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-05
2022-12-05
William Zhao
https://bugzilla.redhat.com/show_bug.cgi?id=2150272
CVE-2022-4269
CVE-2022-42703 on Ubuntu 20.04 LTS (focal) - high.
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-42703` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1055.62
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1025.31~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-56.62~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1055.62
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1025.31~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-10-09
2022-10-09
Jann Horn
CVE-2022-42703
CVE-2022-42719 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. Sönke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-42719` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
backport-iwlwifi-dkms - 8324-0ubuntu3~20.04.5
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-52.58~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1054.61
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1021.27~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-52.58~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-52.58~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1054.61
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1021.27~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-13
2022-10-13
Sönke Huster
CVE-2022-42719
CVE-2022-42720 on Ubuntu 20.04 LTS (focal) - medium.
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-42720` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
backport-iwlwifi-dkms - 8324-0ubuntu3~20.04.5
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-131.147
linux-image-5.4.0-153-generic-lpae - 5.4.0-131.147
linux-image-unsigned-5.4.0-153-generic - 5.4.0-131.147
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-131.147
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1088.96
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1049.55
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1092.101
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1056.60
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-52.58~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1036.41
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1054.61
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1086.95
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1021.27~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1073.84
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-131.147
linux-image-5.4.0-105-lowlatency - 5.4.0-131.147
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1088.96
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1049.55
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1092.101
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1056.60
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-52.58~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1036.41
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-52.58~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1054.61
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1086.95
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1021.27~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-14
2022-10-14
Sönke Huster
CVE-2022-42720
CVE-2022-42721 on Ubuntu 20.04 LTS (focal) - medium.
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly handle BSSID/SSID lists in some situations. A physically proximate attacker could use this to cause a denial of service (infinite loop).
Update Instructions:
Run `sudo pro fix CVE-2022-42721` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
backport-iwlwifi-dkms - 8324-0ubuntu3~20.04.5
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-131.147
linux-image-5.4.0-153-generic-lpae - 5.4.0-131.147
linux-image-unsigned-5.4.0-153-generic - 5.4.0-131.147
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-131.147
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1088.96
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1049.55
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1092.101
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1086.93
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1056.60
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-52.58~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1036.41
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1006.8
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1006.8
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1078.84
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1054.61
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1086.95
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1021.27~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1073.84
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-131.147
linux-image-5.4.0-105-lowlatency - 5.4.0-131.147
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1088.96
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1094.100
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1049.55
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1092.101
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1086.93
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1056.60
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-52.58~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1036.41
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1006.8
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1078.84
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-52.58~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1054.61
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1086.95
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1021.27~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1020.24
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-14
2022-10-14
Sönke Huster
CVE-2022-42721
CVE-2022-42722 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. Sönke Huster discovered that the WiFi driver stack in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-42722` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
backport-iwlwifi-dkms - 8324-0ubuntu3~20.04.5
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-52.58~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1001.3
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1001.3
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-52.58~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1054.61
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1021.27~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1022.26~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1022.27~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1021.28~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1019.23~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-52.58~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1001.3
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-52.58~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-52.58~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1054.61
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1021.27~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1020.24
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-14
2022-10-14
Sönke Huster
CVE-2022-42722
CVE-2022-42895 on Ubuntu 20.04 LTS (focal) - medium.
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e. Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-42895` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-139.156
linux-image-5.4.0-153-generic-lpae - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-generic - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-139.156
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1096.104
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1058.64
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1100.109
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1094.101
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1086.92
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1057.64
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1029.35~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1080.91
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-139.156
linux-image-5.4.0-105-lowlatency - 5.4.0-139.156
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1096.104
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1058.64
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1100.109
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1094.101
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1044.49
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1086.92
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-60.66~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1057.64
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1029.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-11-23
2022-11-23
Tamás Koczka
CVE-2022-42895
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-42896 on Ubuntu 20.04 LTS (focal) - high.
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-42896` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-137.154
linux-image-5.4.0-153-generic-lpae - 5.4.0-137.154
linux-image-unsigned-5.4.0-153-generic - 5.4.0-137.154
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-137.154
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1094.102
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1028.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1101.107
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1101.107
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1058.64
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1098.107
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1027.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1094.101
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1062.66
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-58.64~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1042.47
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1056.63
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1092.101
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1079.90
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-137.154
linux-image-5.4.0-105-lowlatency - 5.4.0-137.154
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1094.102
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1028.32~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1101.107
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1101.107
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1058.64
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1098.107
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1027.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1094.101
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1062.66
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-58.64~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1042.47
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1056.63
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1092.101
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-11-23
2022-11-23
Tamás Koczka
CVE-2022-42896
CVE-2022-4304 on Ubuntu 20.04 LTS (focal) - medium.
A timing-based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.
Update Instructions:
Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.17
openssl - 1.1.1f-1ubuntu2.17
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-02-07
2023-02-07
Hubert Kario
2023-02-07
CVE-2022-4304
mdeslaur> Due to the substantial code changes required to fix this side channel issue and others like it in the 1.0.2 and earlier codebases, we will not be fixing this issue in bionic and earlier to not introduce possible regressions. The commit was later reverted, and a more simplified fix was used, see: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0372649a943fb23f7f08c7acdbc01464b9df03f0 https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3f499b24f3bcd66db022074f7e8b4f6ee266a3ae
CVE-2022-43750 on Ubuntu 20.04 LTS (focal) - medium.
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped into user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-43750` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-136.153
linux-image-5.4.0-153-generic-lpae - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-generic - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-136.153
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1093.101
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1097.106
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1091.98
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1041.46
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1058.66
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1091.100
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1078.89
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-136.153
linux-image-5.4.0-105-lowlatency - 5.4.0-136.153
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1093.101
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1097.106
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1091.98
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1041.46
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1058.66
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1091.100
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-10-26
2022-10-26
Syzbot
CVE-2022-43750
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2022-4378 on Ubuntu 20.04 LTS (focal) - high.
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-4378` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1028.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1027.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-58.64~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1056.63
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1028.32~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1027.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-58.64~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1056.63
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2023 Canonical Ltd.
2023-01-05
2023-01-05
Kyle Zeng
CVE-2022-4378
CVE-2022-4379 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial It was discovered that the NFSD implementation in the Linux kernel contained a use-after-free vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-4379` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1058.66
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1058.66
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-10
2023-01-10
Xingyuan Mo and Gengjia Chen
CVE-2022-4379
cascardo> prioritizing as Medium as nfsd parameter inter_copy_offload_enable is off by default.
CVE-2022-4382 on Ubuntu 20.04 LTS (focal) - low.
A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. Gerald Lee discovered that the USB Gadget file system implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-4382` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-146.163
linux-image-5.4.0-153-generic-lpae - 5.4.0-146.163
linux-image-unsigned-5.4.0-153-generic - 5.4.0-146.163
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-146.163
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1099.107
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1105.111
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1105.111
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1060.66
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1102.111
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1096.103
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1066.70
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1088.94
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1098.107
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1082.93
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-146.163
linux-image-5.4.0-105-lowlatency - 5.4.0-146.163
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1099.107
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1105.111
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1105.111
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1060.66
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1102.111
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1096.103
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1066.70
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1046.51
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1088.94
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1098.107
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1023.27
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2023 Canonical Ltd.
2023-01-10
2023-01-10
Gerald Lee
CVE-2022-4382
sbeattie> Because the USB gadget interface is for when the system is acting as a USB device rather than a host, the USB Gadget FS is not mounted by default in Ubuntu.
CVE-2022-43945 on Ubuntu 20.04 LTS (focal) - high.
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to a buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-43945` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-137.154
linux-image-5.4.0-153-generic-lpae - 5.4.0-137.154
linux-image-unsigned-5.4.0-153-generic - 5.4.0-137.154
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-137.154
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1094.102
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1101.107
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1101.107
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1058.64
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1098.107
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1094.101
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1062.66
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1042.47
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-56.62~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1055.62
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1092.101
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1025.31~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1079.90
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-137.154
linux-image-5.4.0-105-lowlatency - 5.4.0-137.154
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1094.102
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1026.30~20.04.2
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1101.107
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1101.107
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1058.64
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1098.107
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1025.32~20.04.2
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1094.101
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1023.28~20.04.2
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1062.66
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-56.62~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1042.47
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1021.26~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-56.62~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-56.62~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1055.62
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1092.101
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1025.31~20.04.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2022 Canonical Ltd.
2022-11-04
2022-11-04
CVE-2022-43945
CVE-2022-4450 on Ubuntu 20.04 LTS (focal) - medium.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.
Update Instructions:
Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.17
openssl - 1.1.1f-1ubuntu2.17
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-02-07
2023-02-07
CarpetFuzz, Dawei Wang
2023-02-07
CVE-2022-4450
mdeslaur> 1.0.2 is not affected
CVE-2022-45869 on Ubuntu 20.04 LTS (focal) - medium.
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. It was discovered that a race condition existed in the x86 KVM subsystem implementation in the Linux kernel when nested virtualization and the TDP MMU are enabled. An attacker in a guest VM could use this to cause a denial of service (host OS crash).
Update Instructions:
Run `sudo pro fix CVE-2022-45869` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-11-30
2022-11-30
CVE-2022-45869
CVE-2022-45884 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-11-25
CVE-2022-45884
sbeattie> unfixed as of 2023.01.31; exploiting this vulnerability requires disconnecting a DVB device, which is why this has been prioritized as low.
CVE-2022-45885 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-11-25
https://bugzilla.redhat.com/show_bug.cgi?id=2148513
CVE-2022-45885
sbeattie> unfixed upstream as of 2023.01.10; exploiting this vulnerability requires disconnecting a DVB device, which is why this has been prioritized as low.
CVE-2022-45886 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-11-25
CVE-2022-45886
sbeattie> unfixed as of 2023.01.10; exploiting this vulnerability requires disconnecting a DVB device, which is why this has been prioritized as low.
CVE-2022-45887 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-11-25
Hyunwoo Kim
https://bugzilla.redhat.com/show_bug.cgi?id=2148520
CVE-2022-45887
sbeattie> unfixed upstream as of 2023.01.10
CVE-2022-45919 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if there is a disconnect after an open, because of the lack of a wait_event.
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-11-27
CVE-2022-45919
sbeattie> unfixed upstream as of 2023.01.10; exploiting this vulnerability requires disconnecting a DVB device, which is why this has been prioritized as low.
CVE-2022-45934 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-45934` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-137.154
linux-image-5.4.0-153-generic-lpae - 5.4.0-137.154
linux-image-unsigned-5.4.0-153-generic - 5.4.0-137.154
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-137.154
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1094.102
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1028.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1101.107
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1101.107
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1058.64
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1098.107
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1027.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1094.101
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1062.66
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-58.64~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1042.47
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1084.90
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1056.63
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1092.101
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1079.90
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-137.154
linux-image-5.4.0-105-lowlatency - 5.4.0-137.154
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1094.102
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1028.32~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1101.107
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1101.107
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1058.64
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1098.107
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1027.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1094.101
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1062.66
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-58.64~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1042.47
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1084.90
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1056.63
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1092.101
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-11-27
2022-11-27
CVE-2022-45934
sbeattie> looks to have been introduced in f2fcfcd67025 ("Bluetooth: Add configuration support for ERTM and Streaming mode")
CVE-2022-4662 on Ubuntu 20.04 LTS (focal) - low.
An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way a user attaches a USB device. A local user could use this flaw to crash the system. It was discovered that the USB core subsystem in the Linux kernel did not properly handle nested reset events. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (kernel deadlock).
Update Instructions:
Run `sudo pro fix CVE-2022-4662` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-136.153
linux-image-5.4.0-153-generic-lpae - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-generic - 5.4.0-136.153
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-136.153
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1093.101
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1054.60
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1097.106
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1091.98
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-57.63~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1041.46
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1083.89
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-58.64~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1091.100
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1027.33~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1078.89
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-136.153
linux-image-5.4.0-105-lowlatency - 5.4.0-136.153
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1093.101
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1027.31~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1100.106
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1054.60
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1097.106
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1026.33~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1091.98
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1061.65
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-57.63~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-57.63~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1041.46
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1023.28~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1083.89
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-58.64~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-58.64~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1091.100
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1027.33~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-12-22
2022-12-22
CVE-2022-4662
CVE-2022-4696 on Ubuntu 20.04 LTS (focal) - high.
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, that signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true, as calling io_splice on specific files will call the get_uts function, which will use current->nsproxy, leading to invalidly decreasing its reference counter later and causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above. It was discovered that a use-after-free vulnerability existed in the io_uring subsystem in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-4696` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2023 Canonical Ltd.
2023-01-11
CVE-2022-4696
CVE-2022-4744 on Ubuntu 20.04 LTS (focal) - medium.
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
Update Instructions:
Run `sudo pro fix CVE-2022-4744` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-33.34~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1022.24
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1007.9~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1014.18~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1007.8~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1006.9~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1011.14~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-33.34~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1003.5~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-33.34~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-33.34~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1022.24
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1007.9~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-03-30
CVE-2022-4744
CVE-2022-47518 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. It was discovered that the Atmel WILC1000 driver in the Linux kernel did not properly validate the number of channels, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-47518` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-12-18
2022-12-18
CVE-2022-47518
sbeattie> this driver was in the staging tree until the v5.9 kernel.
CVE-2022-47519 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. It was discovered that the Atmel WILC1000 driver in the Linux kernel did not properly validate specific attributes, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-47519` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-12-18
2022-12-18
CVE-2022-47519
sbeattie> this driver was in the staging tree until the v5.9 kernel
CVE-2022-47520 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. It was discovered that the Atmel WILC1000 driver in the Linux kernel did not properly validate offsets, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-47520` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1058.66
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1058.66
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-18
2022-12-18
CVE-2022-47520
sbeattie> this driver was in the staging tree until the v5.9 kernel
CVE-2022-47521 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. It was discovered that the Atmel WILC1000 driver in the Linux kernel did not properly validate specific attributes, leading to a heap-based buffer overflow. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-47521` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-18
2022-12-18
CVE-2022-47521
sbeattie> this driver was in the staging tree until the v5.9 kernel
CVE-2022-47929 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-47929` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-70.77~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-17
2023-01-17
CVE-2022-47929
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake; it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.
CVE-2022-47938 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.
Update Instructions:
Run `sudo pro fix CVE-2022-47938` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-23
CVE-2022-47938
sbeattie> needs ksmbd-tools installed to enable the service, which is not installed by default.
CVE-2022-47939 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.
Update Instructions:
Run `sudo pro fix CVE-2022-47939` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-23
Arnaud Gatignol, Quentin Minster, Florent Saudel, Guillaume Teissier
CVE-2022-47939
sbeattie> needs ksmbd-tools installed to enable the service, which is not installed by default.
CVE-2022-47940 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write. Arnaud Gatignol, Quentin Minster, Florent Saudel and Guillaume Teissier discovered that the KSMBD implementation in the Linux kernel did not properly validate user-supplied data in some situations. An authenticated attacker could use this to cause a denial of service (system crash), expose sensitive information (kernel memory) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2022-47940` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1029.35~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-60.66~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1029.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-23
2022-12-23
Arnaud Gatignol, Quentin Minster, Florent Saudel, Guillaume Teissier
CVE-2022-47940
sbeattie> to be vulnerable, needs ksmbd-tools installed to enable the ksmbd service, which is not installed by default.
CVE-2022-47941 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.
Update Instructions:
Run `sudo pro fix CVE-2022-47941` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-23
Arnaud Gatignol, Quentin Minster, Florent Saudel, Guillaume Teissier
CVE-2022-47941
sbeattie> needs ksmbd-tools installed to enable the service, which is not installed by default.
CVE-2022-47942 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.
Update Instructions:
Run `sudo pro fix CVE-2022-47942` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-23
Arnaud Gatignol, Quentin Minster, Florent Saudel, Guillaume Teissier
CVE-2022-47942
sbeattie> needs ksmbd-tools installed to enable the service, which is not installed by default.
CVE-2022-47943 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.
Update Instructions:
Run `sudo pro fix CVE-2022-47943` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-12-23
Arnaud Gatignol, Quentin Minster, Florent Saudel, Guillaume Teissier
CVE-2022-47943
sbeattie> to be vulnerable, needs ksmbd-tools installed to enable the ksmbd service, which is not installed by default.
CVE-2022-4842 on Ubuntu 20.04 LTS (focal) - medium.
A NULL pointer dereference flaw was found in the Linux kernel NTFS3 driver function attr_punch_hole(). A local user could use this flaw to crash the system. It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-4842` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-70.77~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-12
2023-01-12
https://bugzilla.redhat.com/show_bug.cgi?id=2156927
CVE-2022-4842
CVE-2022-48423 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate attributes in certain situations, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2022-48423` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-03-19
2023-03-19
CVE-2022-48423
CVE-2022-48424 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate attributes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2022-48424` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2023 Canonical Ltd.
2023-03-19
2023-03-19
CVE-2022-48424
CVE-2023-0045 on Ubuntu 20.04 LTS (focal) - low.
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR in the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected into the BTB prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96. José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2023-0045` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1058.66
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1058.66
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2023 Canonical Ltd.
2023-02-03
2023-02-03
José Oliveira and Rodrigo Branco
CVE-2023-0045
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.
CVE-2023-0179 on Ubuntu 20.04 LTS (focal) - high.
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-0179` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1057.64
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1057.64
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2023 Canonical Ltd.
2023-01-13
2023-01-13
Davide Ornaghi
CVE-2023-0179
CVE-2023-0210 on Ubuntu 20.04 LTS (focal) - medium.
A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. It was discovered that the KSMBD implementation in the Linux kernel did not properly validate buffer lengths, leading to a heap-based buffer overflow. A remote attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-0210` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-11
2023-01-11
CVE-2023-0210
sbeattie> needs ksmbd-tools installed to enable the service, which is not installed by default.
CVE-2023-0215 on Ubuntu 20.04 LTS (focal) - medium.
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.
Update Instructions:
Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.17
openssl - 1.1.1f-1ubuntu2.17
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-02-07
2023-02-07
Octavio Galland and Marcel Böhme
2023-02-07
CVE-2023-0215
CVE-2023-0266 on Ubuntu 20.04 LTS (focal) - medium.
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e. It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-0266` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-30
2023-01-30
CVE-2023-0266
sbeattie> the fix commit claims that the issue is only present in 5.13 and newer, but it's not clear why, from both the history of the snd_ctl_elem_read() path and the compat path.
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.
CVE-2023-0286 on Ubuntu 20.04 LTS (focal) - high.
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
Update Instructions:
Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.17
openssl - 1.1.1f-1ubuntu2.17
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2023 Canonical Ltd.
2023-02-07
2023-02-07
David Benjamin
2023-02-07
CVE-2023-0286
CVE-2023-0386 on Ubuntu 20.04 LTS (focal) - high.
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.
Update Instructions:
Run `sudo pro fix CVE-2023-0386` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-70.77~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2023 Canonical Ltd.
2023-03-22
2023-03-22
https://bugzilla.redhat.com/show_bug.cgi?id=2159505
CVE-2023-0386
CVE-2023-0394 on Ubuntu 20.04 LTS (focal) - medium.
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-0394` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1059.67
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-70.77~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1059.67
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-26
2023-01-26
Kyle Zeng
CVE-2023-0394
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.
CVE-2023-0458 on Ubuntu 20.04 LTS (focal) - medium.
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11. Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit() function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2023-0458` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-147.164
linux-image-5.4.0-153-generic-lpae - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-generic - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-147.164
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1100.108
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1062.68
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1103.112
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1097.104
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1016.17
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1016.17
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1089.95
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1099.108
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1083.94
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-147.164
linux-image-5.4.0-105-lowlatency - 5.4.0-147.164
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1100.108
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1062.68
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1103.112
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1097.104
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1047.52
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1089.95
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-70.77~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1099.108
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-04-26
2023-04-26
Jordy Zomer and Alexandra Sandulescu
CVE-2023-0458
CVE-2023-0459 on Ubuntu 20.04 LTS (focal) - medium.
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47. Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2023-0459` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-149.166
linux-image-5.4.0-153-generic-lpae - 5.4.0-149.166
linux-image-unsigned-5.4.0-153-generic - 5.4.0-149.166
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-149.166
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1102.110
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1108.114
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1108.114
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1064.70
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1105.114
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1099.106
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1049.54
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1091.97
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1035.41~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1085.96
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-149.166
linux-image-5.4.0-105-lowlatency - 5.4.0-149.166
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1102.110
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1108.114
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1108.114
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1064.70
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1105.114
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1099.106
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1049.54
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1091.97
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-72.79~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1035.41~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-04-20
2023-04-20
Jordy Zomer and Alexandra Sandulescu
CVE-2023-0459
CVE-2023-0461 on Ubuntu 20.04 LTS (focal) - high.
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability, the kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, a user can install a TLS context (struct tls_context) on a connected TCP socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c. It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-0461` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1058.66
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1058.66
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2023 Canonical Ltd.
2023-02-22
2023-02-22
CVE-2023-0461
sbeattie> reported by google kCTF, apparently.
rodrigo-zaiden> for some kernels, an extra commit was applied as a follow up commit: "UBUNTU: SAUCE: Fix inet_csk_listen_start after CVE-2023-0461" to properly address an error code variable during the backport. USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2023-0464 on Ubuntu 20.04 LTS (focal) - low.
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
Update Instructions:
Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.18
openssl - 1.1.1f-1ubuntu2.18
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2023 Canonical Ltd.
2023-03-22
2023-03-22
David Benjamin
CVE-2023-0464
CVE-2023-0465 on Ubuntu 20.04 LTS (focal) - low.
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
Update Instructions:
Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.18
openssl - 1.1.1f-1ubuntu2.18
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2023 Canonical Ltd.
2023-03-28
2023-03-28
David Benjamin
CVE-2023-0465
ccdm94> This CVE was omitted from the changelog of the updates listed below for packages openssl and openssl1.0.
CVE-2023-0466 on Ubuntu 20.04 LTS (focal) - negligible.
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.
Update Instructions:
Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.18
openssl - 1.1.1f-1ubuntu2.18
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2023 Canonical Ltd.
2023-03-28
2023-03-28
David Benjamin
CVE-2023-0466
mdeslaur> The upstream fix for this is only a documentation change
CVE-2023-0468 on Ubuntu 20.04 LTS (focal) - high.
A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-0468` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1001.3
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1001.3
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1001.3
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1020.24
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2023 Canonical Ltd.
2023-01-26
2023-01-26
Lin Ma
https://bugzilla.redhat.com/show_bug.cgi?id=2164024
CVE-2023-0468
CVE-2023-0590 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") has not been applied, the kernel could be affected. It was discovered that a race condition existed in the qdisc implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-0590` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-154.171
linux-image-5.4.0-153-generic-lpae - 5.4.0-154.171
linux-image-unsigned-5.4.0-153-generic - 5.4.0-154.171
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-154.171
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1029.35~20.04.1
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1029.33~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-154.171
linux-image-5.4.0-105-lowlatency - 5.4.0-154.171
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-60.66~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1029.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-02-01
2023-02-01
CVE-2023-0590
CVE-2023-1073 on Ubuntu 20.04 LTS (focal) - medium.
A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. It was discovered that the Human Interface Device (HID) support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-1073` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-147.164
linux-image-5.4.0-153-generic-lpae - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-generic - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-147.164
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1100.108
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1062.68
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1103.112
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1097.104
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1089.95
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1099.108
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1083.94
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-147.164
linux-image-5.4.0-105-lowlatency - 5.4.0-147.164
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1100.108
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1062.68
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1103.112
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1097.104
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1047.52
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1089.95
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-70.77~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1099.108
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-02-28
2023-02-28
CVE-2023-1073
CVE-2023-1074 on Ubuntu 20.04 LTS (focal) - medium.
A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2023-1074` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-147.164
linux-image-5.4.0-153-generic-lpae - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-generic - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-147.164
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1100.108
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1062.68
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1103.112
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1097.104
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1089.95
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1099.108
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1083.94
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-147.164
linux-image-5.4.0-105-lowlatency - 5.4.0-147.164
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1100.108
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1062.68
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1103.112
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1097.104
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1047.52
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1089.95
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-70.77~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1099.108
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-02-28
2023-02-28
CVE-2023-1074
CVE-2023-1077 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head. The buggy error condition would lead to a type confused entry with the list head, which would then be used as a type confused sched_rt_entity, causing memory corruption. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-1077` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-152.169
linux-image-5.4.0-153-generic-lpae - 5.4.0-152.169
linux-image-unsigned-5.4.0-153-generic - 5.4.0-152.169
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-152.169
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1104.112
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1038.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1110.116
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1040.47~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1040.47~20.04.1.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1065.71
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1107.116
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1036.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1102.109
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1036.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1071.75
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-75.82~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-75.82~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-75.82~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-75.82~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1051.56
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1093.99
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-75.82~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-75.82~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1103.112
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1037.43~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1088.99
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1035.39~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-152.169
linux-image-5.4.0-105-lowlatency - 5.4.0-152.169
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1104.112
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1038.43~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1110.116
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1040.47~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1040.47~20.04.1.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1065.71
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1107.116
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1036.44~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1102.109
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1036.41~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1071.75
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-75.82~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-75.82~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1051.56
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1093.99
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-75.82~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-75.82~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1103.112
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1037.43~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-03-27
2023-03-27
https://bugzilla.redhat.com/show_bug.cgi?id=2173436
https://bugzilla.suse.com/show_bug.cgi?id=1208600
CVE-2023-1077
CVE-2023-1078 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel in the RDS (Reliable Datagram Sockets) protocol. rds_rm_zerocopy_callback() uses list_entry() on the head of a list, causing a type confusion. A local user can trigger this with rds_message_put(). The type confusion causes `struct rds_msg_zcopy_info *info` to actually point to something else that is potentially controlled by a local user. It is known how to trigger this, which causes an out-of-bounds access and a lock corruption. It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-1078` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-149.166
linux-image-5.4.0-153-generic-lpae - 5.4.0-149.166
linux-image-unsigned-5.4.0-153-generic - 5.4.0-149.166
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-149.166
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1102.110
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1108.114
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1108.114
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1038.45~20.04.1.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1064.70
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1105.114
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1099.106
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1049.54
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1091.97
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1035.41~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1085.96
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-149.166
linux-image-5.4.0-105-lowlatency - 5.4.0-149.166
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1102.110
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1108.114
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1108.114
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1038.45~20.04.1.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1064.70
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1105.114
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1099.106
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1049.54
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1091.97
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-72.79~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1035.41~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-03-02
2023-03-02
CVE-2023-1078
CVE-2023-1095 on Ubuntu 20.04 LTS (focal) - medium.
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list (the list head is all zeroes), which results in a NULL pointer dereference. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly initialize a data structure, leading to a null pointer dereference vulnerability. An attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-1095` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-132.148
linux-image-5.4.0-153-generic-lpae - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-generic - 5.4.0-132.148
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-132.148
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1089.97
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1050.56
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1087.94
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1037.42
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1079.85
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1087.96
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1074.85
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-132.148
linux-image-5.4.0-105-lowlatency - 5.4.0-132.148
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1089.97
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1095.101
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1050.56
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1087.94
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1057.61
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1037.42
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1079.85
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1087.96
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-02-28
2023-02-28
Mingi Cho
CVE-2023-1095
CVE-2023-1118 on Ubuntu 20.04 LTS (focal) - negligible.
A use-after-free flaw was found in the Linux kernel integrated infrared receiver/transceiver driver in the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-1118` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-149.166
linux-image-5.4.0-153-generic-lpae - 5.4.0-149.166
linux-image-unsigned-5.4.0-153-generic - 5.4.0-149.166
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-149.166
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1102.110
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1108.114
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1108.114
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1064.70
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1105.114
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1099.106
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1049.54
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1091.97
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1035.41~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1085.96
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-149.166
linux-image-5.4.0-105-lowlatency - 5.4.0-149.166
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1102.110
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1108.114
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1108.114
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1064.70
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1105.114
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1099.106
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1049.54
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1091.97
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-72.79~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1035.41~20.04.1
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2023 Canonical Ltd.
2023-03-02
2023-03-02
Duoming Zhou
CVE-2023-1118
cascardo> requires privilege to unbind a PNP device
CVE-2023-1195 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the freed pointer server->hostname to NULL, leading to an invalid pointer request. It was discovered that the CIFS network file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-1195` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-99.112
linux-image-5.4.0-153-generic-lpae - 5.4.0-99.112
linux-image-unsigned-5.4.0-153-generic - 5.4.0-99.112
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-99.112
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1065.68
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1028.31
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1064.68
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1062.65
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1033.34
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1014.15
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1055.57
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1063.67
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-99.112
linux-image-5.4.0-105-lowlatency - 5.4.0-99.112
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1065.68
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1062.65
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1033.34
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1014.15
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1055.57
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1063.67
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-03-07
2023-03-07
CVE-2023-1195
CVE-2023-1281 on Ubuntu 20.04 LTS (focal) - high.
Use-after-free vulnerability in the Linux kernel traffic control index filter (tcindex) allows privilege escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker can use this vulnerability to elevate their privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-1281` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-147.164
linux-image-5.4.0-153-generic-lpae - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-generic - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-147.164
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1100.108
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1062.68
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1103.112
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1097.104
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1089.95
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1099.108
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1083.94
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-147.164
linux-image-5.4.0-105-lowlatency - 5.4.0-147.164
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1100.108
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1062.68
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1103.112
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1097.104
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1047.52
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1089.95
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-70.77~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1099.108
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2023 Canonical Ltd.
2023-03-22
2023-03-22
https://bugzilla.redhat.com/show_bug.cgi?id=2181847
https://bugzilla.suse.com/show_bug.cgi?id=1209634
CVE-2023-1281
CVE-2023-1382 on Ubuntu 20.04 LTS (focal) - medium.
A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-1382` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-03-15
2023-03-15
Wei Chen
https://bugzilla.redhat.com/show_bug.cgi?id=2177371
CVE-2023-1382
CVE-2023-1513 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2023-1513` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-149.166
linux-image-5.4.0-153-generic-lpae - 5.4.0-149.166
linux-image-unsigned-5.4.0-153-generic - 5.4.0-149.166
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-149.166
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1102.110
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1108.114
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1108.114
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1038.45~20.04.1.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1064.70
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1105.114
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1099.106
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1049.54
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1091.97
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1035.41~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1085.96
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-149.166
linux-image-5.4.0-105-lowlatency - 5.4.0-149.166
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1102.110
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1108.114
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1108.114
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1038.45~20.04.1.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1064.70
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1105.114
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1099.106
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1049.54
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1091.97
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-72.79~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1035.41~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2023 Canonical Ltd.
2023-03-23
2023-03-23
Xingyuan Mo (IceSword Lab)
https://bugzilla.redhat.com/show_bug.cgi?id=2179892
CVE-2023-1513
cascardo> restricted info leak, only available to kvm group
CVE-2023-1652 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. It was discovered that the NFS implementation in the Linux kernel did not properly handle pending tasks in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2023-1652` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-70.77~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-03-29
2023-03-29
https://bugzilla.redhat.com/show_bug.cgi?id=2182031
CVE-2023-1652
CVE-2023-1829 on Ubuntu 20.04 LTS (focal) - high.
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function does not properly deactivate filters in the case of perfect hashes while deleting the underlying structure, which can later lead to double freeing the structure. A local attacker can use this vulnerability to elevate their privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed.
Update Instructions:
Run `sudo pro fix CVE-2023-1829` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-148.165
linux-image-5.4.0-153-generic-lpae - 5.4.0-148.165
linux-image-unsigned-5.4.0-153-generic - 5.4.0-148.165
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-148.165
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1101.109
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1035.39~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1107.113
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1037.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1107.113
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1037.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1062.68
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1104.113
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1033.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1098.105
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1032.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-71.78~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-71.78~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-71.78~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-71.78~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1048.53
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1090.96
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-71.78~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-71.78~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1100.109
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1034.40~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1084.95
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-148.165
linux-image-5.4.0-105-lowlatency - 5.4.0-148.165
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1101.109
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1035.39~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1107.113
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1037.44~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1107.113
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1037.44~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1062.68
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1104.113
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1033.41~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1098.105
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1032.37~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1068.72
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-71.78~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-71.78~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1048.53
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1090.96
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-71.78~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-71.78~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1100.109
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1034.40~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2023 Canonical Ltd.
2023-04-12
2023-04-12
https://bugzilla.suse.com/show_bug.cgi?id=1210335
CVE-2023-1829
CVE-2023-1872 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock, which can lead to a use-after-free vulnerability due to a race condition with fixed files getting unregistered. We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-1872` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1035.39~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1037.44~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1037.44~20.04.1.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1033.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1032.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-71.78~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-71.78~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-71.78~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-71.78~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-71.78~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-71.78~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1034.40~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1035.39~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1037.44~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1037.44~20.04.1.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1033.41~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1032.37~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-71.78~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-71.78~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-71.78~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-71.78~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1034.40~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-04-12
2023-04-12
CVE-2023-1872
CVE-2023-1998 on Ubuntu 20.04 LTS (focal) - medium.
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2 mitigations with prctl syscall were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2023-1998` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-152.169
linux-image-5.4.0-153-generic-lpae - 5.4.0-152.169
linux-image-unsigned-5.4.0-153-generic - 5.4.0-152.169
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-152.169
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1104.112
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1038.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1110.116
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1040.47~20.04.1
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1040.47~20.04.1.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1065.71
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1107.116
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1036.44~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1102.109
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1036.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1071.75
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-75.82~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-75.82~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-75.82~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-75.82~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1051.56
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1093.99
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-75.82~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-75.82~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1103.112
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1037.43~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1088.99
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1035.39~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-152.169
linux-image-5.4.0-105-lowlatency - 5.4.0-152.169
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1104.112
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1038.43~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1110.116
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1040.47~20.04.1
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1040.47~20.04.1.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1065.71
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1107.116
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1036.44~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1102.109
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1036.41~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1071.75
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-75.82~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-75.82~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1051.56
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1093.99
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-75.82~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-75.82~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1103.112
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1037.43~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-04-13
2023-04-13
José Oliveira and Rodrigo Branco
https://bugzilla.redhat.com/show_bug.cgi?id=2187257
https://bugzilla.suse.com/show_bug.cgi?id=1210506
CVE-2023-1998
CVE-2023-20928 on Ubuntu 20.04 LTS (focal) - medium.
In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-254837884. References: Upstream kernel. It was discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-20928` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-139.156
linux-image-5.4.0-153-generic-lpae - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-generic - 5.4.0-139.156
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-139.156
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1096.104
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1058.64
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1100.109
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1094.101
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1044.49
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1086.92
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-53.59~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1093.102
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1022.28~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1080.91
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-139.156
linux-image-5.4.0-105-lowlatency - 5.4.0-139.156
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1096.104
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1023.27~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1103.109
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1023.29~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1058.64
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1100.109
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1022.29~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1094.101
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1020.25~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1064.68
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-53.59~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1044.49
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1018.23~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1086.92
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-53.59~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-53.59~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1093.102
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1022.28~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-26
2023-01-26
CVE-2023-20928
sbeattie> patch for backport kernels is "binder: fix UAF of alloc->vma in race with munmap()" (27a594bc7a7c in linux-5.4.y)
CVE-2023-2162 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-2162` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-149.166
linux-image-5.4.0-153-generic-lpae - 5.4.0-149.166
linux-image-unsigned-5.4.0-153-generic - 5.4.0-149.166
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-149.166
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1102.110
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1108.114
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1108.114
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1064.70
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1105.114
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1099.106
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1049.54
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1091.97
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1035.41~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1085.96
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-149.166
linux-image-5.4.0-105-lowlatency - 5.4.0-149.166
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1102.110
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1108.114
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1108.114
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1064.70
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1105.114
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1099.106
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1049.54
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1091.97
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-72.79~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1035.41~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-04-19
2023-04-19
https://bugzilla.redhat.com/show_bug.cgi?id=2187773
CVE-2023-2162
CVE-2023-22998 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
Update Instructions:
Run `sudo pro fix CVE-2023-22998` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-60.66~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1029.35~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1033.40~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1029.36~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-60.66~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1025.30~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-60.66~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-60.66~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1029.35~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-02-28
CVE-2023-22998
CVE-2023-23454 on Ubuntu 20.04 LTS (focal) - medium.
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). Kyle Zeng discovered that the class-based queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-23454` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-12
2023-01-12
Kyle Zeng
CVE-2023-23454
CVE-2023-23455 on Ubuntu 20.04 LTS (focal) - medium.
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-23455` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1013.15
linux-image-unsigned-5.4.0-1014-iot - 5.4.0-1013.15
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1030.34~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1014-iot - 5.4.0-1013.15
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1022.26
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-12
2023-01-12
Kyle Zeng
CVE-2023-23455
sbeattie> the break entry, b0188d4dbe5f ("[NET_SCHED]: sch_atm: Lindent"), is likely incorrect, as it is just code format changes.
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.
CVE-2023-23559 on Ubuntu 20.04 LTS (focal) - medium.
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-23559` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-146.163
linux-image-5.4.0-153-generic-lpae - 5.4.0-146.163
linux-image-unsigned-5.4.0-153-generic - 5.4.0-146.163
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-146.163
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1099.107
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1105.111
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1105.111
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1060.66
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1102.111
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1096.103
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1066.70
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1046.51
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1088.94
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1098.107
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1082.93
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-146.163
linux-image-5.4.0-105-lowlatency - 5.4.0-146.163
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1099.107
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1105.111
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1105.111
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1060.66
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1102.111
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1096.103
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1066.70
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1046.51
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1088.94
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1098.107
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1023-xilinx-zynqmp - 5.4.0-1023.27
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-01-13
2023-01-13
CVE-2023-23559
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.
CVE-2023-2650 on Ubuntu 20.04 LTS (focal) - medium.
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. 
The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.
Update Instructions:
Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.19
openssl - 1.1.1f-1ubuntu2.19
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-05-30
2023-05-30
Matt Caswell
2023-05-30
CVE-2023-2650
CVE-2023-26544 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate the size of attributes when parsing MFT. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2023-26544` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-02-25
2023-02-25
https://bugzilla.redhat.com/show_bug.cgi?id=2182441
https://bugzilla.suse.com/show_bug.cgi?id=1208697
CVE-2023-26544
sbeattie> reproducer in gist
sbeattie> SUSE believes this was fixed in 887bfc546097 ("fs/ntfs3: Fix slab-out-of-bounds read in run_unpack")
CVE-2023-26545 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-26545` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-147.164
linux-image-5.4.0-153-generic-lpae - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-generic - 5.4.0-147.164
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-147.164
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1100.108
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1062.68
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1103.112
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1097.104
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1047.52
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1089.95
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-70.77~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1099.108
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1033.39~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1083.94
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-147.164
linux-image-5.4.0-105-lowlatency - 5.4.0-147.164
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1100.108
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1106.112
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1036.43~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1062.68
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1103.112
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1032.40~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1097.104
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1067.71
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-70.77~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1047.52
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1089.95
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-70.77~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-70.77~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1099.108
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1033.39~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-02-25
2023-02-25
Lianhui Tang
CVE-2023-26545
CVE-2023-26605 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. It was discovered that the file system writeback functionality in the Linux kernel contained a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-26605` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-02-26
2023-02-26
CVE-2023-26605
CVE-2023-26606 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c. It was discovered that the NTFS file system implementation in the Linux kernel did not properly handle a loop termination condition, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2023-26606` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1003.4
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.14.0-1059-oem - 5.14.0-1004.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1006.6
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1003.4
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.14.0-1027-oem - 5.14.0-1004.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-02-26
2023-02-26
https://bugzilla.suse.com/show_bug.cgi?id=1208694
CVE-2023-26606
sbeattie> reproducer in gist According to SUSE, fixed in 557d19675a47 ("fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs")
CVE-2023-26607 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate attributes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2023-26607` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-67.74~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1030.36~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1031.35~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1034.41~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1030.37~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1028.33~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-67.74~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1026.31~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-67.74~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-67.74~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1030.36~20.04.1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2023 Canonical Ltd.
2023-02-26
2023-02-26
CVE-2023-26607
sbeattie> reproducer in github gist
cascardo> this requires a corrupt filesystem
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
CVE-2023-28328 on Ubuntu 20.04 LTS (focal) - medium.
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel contained a null pointer dereference when handling certain messages from user space. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2023-28328` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-144.161
linux-image-5.4.0-153-generic-lpae - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-generic - 5.4.0-144.161
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-144.161
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1097.105
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1059.65
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1095.102
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1045.50
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1087.93
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-69.76~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1094.103
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1032.38~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1081.92
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-144.161
linux-image-5.4.0-105-lowlatency - 5.4.0-144.161
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1097.105
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1033.37~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1104.110
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1035.42~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1059.65
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1031.38~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1095.102
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1029.34~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1065.69
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-69.76~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1045.50
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1027.32~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1087.93
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-69.76~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-69.76~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1094.103
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1032.38~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-03-15
2023-03-15
Wei Chen
https://bugzilla.redhat.com/show_bug.cgi?id=2177389
CVE-2023-28328
rodrigo-zaiden> USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1.
CVE-2023-32233 on Ubuntu 20.04 LTS (focal) - high.
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-32233` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-150.167
linux-image-5.4.0-153-generic-lpae - 5.4.0-150.167
linux-image-unsigned-5.4.0-153-generic - 5.4.0-150.167
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-150.167
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1103.111
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1037.41~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1109.115
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1039.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1109.115
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1039.46~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1064.70
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1106.115
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1035.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1100.107
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1034.39~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1070.74
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-73.80~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-73.80~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-73.80~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-73.80~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1050.55
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1092.98
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-73.80~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-73.80~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1102.111
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1036.42~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1086.97
No subscription required
linux-image-5.15.0-1036-generic - 5.15.0-1034.38~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-150.167
linux-image-5.4.0-105-lowlatency - 5.4.0-150.167
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1103.111
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1037.41~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1109.115
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1039.46~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1109.115
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1039.46~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1064.70
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1106.115
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1035.43~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1100.107
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1034.39~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1070.74
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-73.80~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-73.80~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1050.55
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1031.36~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1092.98
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-73.80~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-73.80~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1102.111
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1036.42~20.04.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2023 Canonical Ltd.
2023-05-08
2023-05-08
Patryk Sondej and Piotr Krysiuk
CVE-2023-32233
cascardo> requires CAP_NET_ADMIN, however this can be done within a new user namespace and network namespace - so can be mitigated by disabling unprivileged user namespaces.
CVE-2023-32269 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2023-32269` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-149.166
linux-image-5.4.0-153-generic-lpae - 5.4.0-149.166
linux-image-unsigned-5.4.0-153-generic - 5.4.0-149.166
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-149.166
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1102.110
No subscription required
linux-image-unsigned-5.15.0-1039-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1108.114
No subscription required
linux-image-unsigned-5.15.0-1041-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-azure-fde - 5.4.0-1108.114
No subscription required
linux-image-unsigned-5.15.0-1041-azure-fde - 5.15.0-1038.45~20.04.1.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1064.70
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1105.114
No subscription required
linux-image-unsigned-5.15.0-1037-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1099.106
No subscription required
linux-image-unsigned-5.15.0-1037-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-76-generic-lpae - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1049.54
No subscription required
linux-image-unsigned-5.15.0-1034-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1091.97
No subscription required
linux-image-unsigned-5.15.0-76-lowlatency - 5.15.0-72.79~20.04.1
linux-image-unsigned-5.15.0-76-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1101.110
No subscription required
linux-image-unsigned-5.15.0-1038-oracle - 5.15.0-1035.41~20.04.1
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1085.96
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-149.166
linux-image-5.4.0-105-lowlatency - 5.4.0-149.166
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1102.110
No subscription required
linux-image-5.15.0-1015-aws - 5.15.0-1036.40~20.04.1
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1108.114
No subscription required
linux-image-5.15.0-1014-azure - 5.15.0-1038.45~20.04.1
No subscription required
linux-image-5.4.0-1072-azure-fde - 5.4.0-1108.114
No subscription required
linux-image-5.15.0-1037-azure-fde - 5.15.0-1038.45~20.04.1.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1064.70
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1105.114
No subscription required
linux-image-5.15.0-1013-gcp - 5.15.0-1034.42~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1099.106
No subscription required
linux-image-5.15.0-1011-gke - 5.15.0-1033.38~20.04.1
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1069.73
No subscription required
linux-image-5.15.0-41-generic - 5.15.0-72.79~20.04.1
linux-image-5.15.0-41-generic-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.4.0-1018-ibm - 5.4.0-1049.54
No subscription required
linux-image-5.15.0-1027-intel-iotg - 5.15.0-1030.35~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1091.97
No subscription required
linux-image-5.15.0-42-lowlatency - 5.15.0-72.79~20.04.1
linux-image-5.15.0-42-lowlatency-64k - 5.15.0-72.79~20.04.1
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1101.110
No subscription required
linux-image-5.15.0-1021-oracle - 5.15.0-1035.41~20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2023 Canonical Ltd.
2023-05-05
2023-05-05
CVE-2023-32269
sbeattie> requires either NET/ROM routing configuration in place or CAP_NET_ADMIN in the initial namespace to exploit.
CVE-2013-2596 on Ubuntu 20.04 LTS (focal) - low.
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
Update Instructions:
Run `sudo pro fix CVE-2013-2596` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2013 Canonical Ltd.
2013-04-13
CVE-2013-2596
sbeattie> requires write access to /dev/fb0 and other devices, which is usually only permitted to root and the video group.
CVE-2015-1350 on Ubuntu 20.04 LTS (focal) - low.
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2015-1350` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2016 Canonical Ltd.
2016-05-02
2016-05-02
Ben Harris
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492
https://launchpad.net/bugs/1415636
CVE-2015-1350
CVE-2015-5180 on Ubuntu 20.04 LTS (focal) - low.
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2015-5180` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.27-3ubuntu1
libc-bin - 2.27-3ubuntu1
libc6 - 2.27-3ubuntu1
libc6-amd64 - 2.27-3ubuntu1
libc6-armel - 2.27-3ubuntu1
libc6-i386 - 2.27-3ubuntu1
libc6-lse - 2.27-3ubuntu1
libc6-pic - 2.27-3ubuntu1
libc6-prof - 2.27-3ubuntu1
libc6-s390 - 2.27-3ubuntu1
libc6-x32 - 2.27-3ubuntu1
locales - 2.27-3ubuntu1
locales-all - 2.27-3ubuntu1
nscd - 2.27-3ubuntu1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2015 Canonical Ltd.
2015-08-10
2015-08-10
Florian Weimer
https://sourceware.org/bugzilla/show_bug.cgi?id=18784
https://bugzilla.redhat.com/show_bug.cgi?id=1249603
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796106
https://bugs.launchpad.net/bugs/1674532
CVE-2015-5180
tyhicks> See test case in the bug no fix upstream as of 2016-09-09
sbeattie> patch committed upstream on 2016-12-31; renames symbol so backporting may not be easy. commit included in glibc 2.25 release debian fixed this in unstable in 2.24-9 fixing this does indeed break the internal ABI between libnss_dns and libresolv. We're backing out this change. reverted from zesty in 2.24-9ubuntu2 by infinity. For existing releases, DO NOT APPLY THIS PATCH due to ABI breakage. Fix will come in to 17.10 when we get glibc-2.25 as we do not guarantee ABI for libresolv internals across different glibc releases, just for upgrades for same versions e.g. (2.24 -> 2.24) REPEAT: DO NOT APPLY THIS PATCH (UNMODIFIED) IN A STABLE RELEASE
mdeslaur> marking this issue as ignored, as we will not be fixing this in Ubuntu stable releases.
CVE-2017-0786 on Ubuntu 20.04 LTS (focal) - medium.
An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101.
Update Instructions:
Run `sudo pro fix CVE-2017-0786` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2017 Canonical Ltd.
2017-09-08
CVE-2017-0786
CVE-2017-1000408 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Update Instructions:
Run `sudo pro fix CVE-2017-1000408` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.27-3ubuntu1
libc-bin - 2.27-3ubuntu1
libc6 - 2.27-3ubuntu1
libc6-amd64 - 2.27-3ubuntu1
libc6-armel - 2.27-3ubuntu1
libc6-i386 - 2.27-3ubuntu1
libc6-lse - 2.27-3ubuntu1
libc6-pic - 2.27-3ubuntu1
libc6-prof - 2.27-3ubuntu1
libc6-s390 - 2.27-3ubuntu1
libc6-x32 - 2.27-3ubuntu1
locales - 2.27-3ubuntu1
locales-all - 2.27-3ubuntu1
nscd - 2.27-3ubuntu1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2017 Canonical Ltd.
2017-12-13
2017-12-13
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884132
https://sourceware.org/bugzilla/show_bug.cgi?id=22606
CVE-2017-1000408
CVE-2017-1000409 on Ubuntu 20.04 LTS (focal) - low.
A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Update Instructions:
Run `sudo pro fix CVE-2017-1000409` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.27-3ubuntu1
libc-bin - 2.27-3ubuntu1
libc6 - 2.27-3ubuntu1
libc6-amd64 - 2.27-3ubuntu1
libc6-armel - 2.27-3ubuntu1
libc6-i386 - 2.27-3ubuntu1
libc6-lse - 2.27-3ubuntu1
libc6-pic - 2.27-3ubuntu1
libc6-prof - 2.27-3ubuntu1
libc6-s390 - 2.27-3ubuntu1
libc6-x32 - 2.27-3ubuntu1
locales - 2.27-3ubuntu1
locales-all - 2.27-3ubuntu1
nscd - 2.27-3ubuntu1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2017 Canonical Ltd.
2017-12-13
2017-12-13
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884133
https://sourceware.org/bugzilla/show_bug.cgi?id=22607
CVE-2017-1000409
CVE-2017-13080 on Ubuntu 20.04 LTS (focal) - high.
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
Update Instructions:
Run `sudo pro fix CVE-2017-13080` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
hostapd - 2.4-0ubuntu10
wpagui - 2.4-0ubuntu10
wpasupplicant - 2.4-0ubuntu10
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2017 Canonical Ltd.
2017-10-16
2017-10-16
Mathy Vanhoef
https://bugs.launchpad.net/intel/+bug/1728762
CVE-2017-13080
mdeslaur> related to intel wireless firmware issue CVE-2017-5729
CVE-2017-15670 on Ubuntu 20.04 LTS (focal) - low.
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
Update Instructions:
Run `sudo pro fix CVE-2017-15670` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.27-3ubuntu1
libc-bin - 2.27-3ubuntu1
libc6 - 2.27-3ubuntu1
libc6-amd64 - 2.27-3ubuntu1
libc6-armel - 2.27-3ubuntu1
libc6-i386 - 2.27-3ubuntu1
libc6-lse - 2.27-3ubuntu1
libc6-pic - 2.27-3ubuntu1
libc6-prof - 2.27-3ubuntu1
libc6-s390 - 2.27-3ubuntu1
libc6-x32 - 2.27-3ubuntu1
locales - 2.27-3ubuntu1
locales-all - 2.27-3ubuntu1
nscd - 2.27-3ubuntu1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2017 Canonical Ltd.
2017-10-20
2017-10-20
https://sourceware.org/bugzilla/show_bug.cgi?id=22320
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879501
CVE-2017-15670
CVE-2017-15804 on Ubuntu 20.04 LTS (focal) - low.
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
Update Instructions:
Run `sudo pro fix CVE-2017-15804` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.27-3ubuntu1
libc-bin - 2.27-3ubuntu1
libc6 - 2.27-3ubuntu1
libc6-amd64 - 2.27-3ubuntu1
libc6-armel - 2.27-3ubuntu1
libc6-i386 - 2.27-3ubuntu1
libc6-lse - 2.27-3ubuntu1
libc6-pic - 2.27-3ubuntu1
libc6-prof - 2.27-3ubuntu1
libc6-s390 - 2.27-3ubuntu1
libc6-x32 - 2.27-3ubuntu1
locales - 2.27-3ubuntu1
locales-all - 2.27-3ubuntu1
nscd - 2.27-3ubuntu1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2017 Canonical Ltd.
2017-10-22
2017-10-22
https://sourceware.org/bugzilla/show_bug.cgi?id=22332
CVE-2017-15804
CVE-2017-16644 on Ubuntu 20.04 LTS (focal) - low.
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. Andrey Konovalov discovered that the video4linux driver for Hauppauge HD PVR USB devices in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2017-16644` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2017 Canonical Ltd.
2017-11-07
2017-11-07
Andrey Konovalov
CVE-2017-16644
sbeattie> possibly introduced in 5612e191ca1f88e16c48bb373d90d1508196aa95
CVE-2017-16997 on Ubuntu 20.04 LTS (focal) - low.
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
Update Instructions:
Run `sudo pro fix CVE-2017-16997` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.27-3ubuntu1
libc-bin - 2.27-3ubuntu1
libc6 - 2.27-3ubuntu1
libc6-amd64 - 2.27-3ubuntu1
libc6-armel - 2.27-3ubuntu1
libc6-i386 - 2.27-3ubuntu1
libc6-lse - 2.27-3ubuntu1
libc6-pic - 2.27-3ubuntu1
libc6-prof - 2.27-3ubuntu1
libc6-s390 - 2.27-3ubuntu1
libc6-x32 - 2.27-3ubuntu1
locales - 2.27-3ubuntu1
locales-all - 2.27-3ubuntu1
nscd - 2.27-3ubuntu1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2017 Canonical Ltd.
2017-12-17
2017-12-17
Aurelien Jarno
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884615
CVE-2017-16997
CVE-2017-18269 on Ubuntu 20.04 LTS (focal) - medium.
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.
Update Instructions:
Run `sudo pro fix CVE-2017-18269` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.28-0ubuntu1
libc-bin - 2.28-0ubuntu1
libc6 - 2.28-0ubuntu1
libc6-amd64 - 2.28-0ubuntu1
libc6-armel - 2.28-0ubuntu1
libc6-i386 - 2.28-0ubuntu1
libc6-lse - 2.28-0ubuntu1
libc6-pic - 2.28-0ubuntu1
libc6-prof - 2.28-0ubuntu1
libc6-s390 - 2.28-0ubuntu1
libc6-x32 - 2.28-0ubuntu1
locales - 2.28-0ubuntu1
locales-all - 2.28-0ubuntu1
nscd - 2.28-0ubuntu1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-05-18
2018-05-18
https://sourceware.org/bugzilla/show_bug.cgi?id=22644
CVE-2017-18269
sbeattie> introduced in glibc 2.21
CVE-2017-5967 on Ubuntu 20.04 LTS (focal) - low.
The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. It was discovered that the timer stats implementation in the Linux kernel allowed the discovery of a real PID value while inside a PID namespace. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2017-5967` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2017 Canonical Ltd.
2017-02-14
2017-02-14
CVE-2017-5967
sbeattie> patch disables/removes CONFIG_TIMER_STATS entirely.
CVE-2017-9725 on Ubuntu 20.04 LTS (focal) - medium.
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.
Update Instructions:
Run `sudo pro fix CVE-2017-9725` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2017 Canonical Ltd.
2017-09-21
CVE-2017-9725
CVE-2018-0734 on Ubuntu 20.04 LTS (focal) - low.
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Update Instructions:
Run `sudo pro fix CVE-2018-0734` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1a-1ubuntu2
openssl - 1.1.1a-1ubuntu2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2018 Canonical Ltd.
2018-10-30
2018-10-30
mdeslaur
Samuel Weiser
CVE-2018-0734
mdeslaur> there are other similar commits in crypto/dsa/dsa_ossl.c that likely need backporting also. upstream advisory was amended with more commits
CVE-2018-10322 on Ubuntu 20.04 LTS (focal) - low.
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2018-10322` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2018 Canonical Ltd.
2018-04-24
2018-04-24
CVE-2018-10322
CVE-2018-10323 on Ubuntu 20.04 LTS (focal) - low.
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2018-10323` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2018 Canonical Ltd.
2018-04-24
2018-04-24
Wen Xu
CVE-2018-10323
CVE-2018-10839 on Ubuntu 20.04 LTS (focal) - medium.
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to a buffer overflow issue. It could occur when receiving packets over the network. A user inside the guest could use this flaw to crash the Qemu process, resulting in DoS.
Update Instructions:
Run `sudo pro fix CVE-2018-10839` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:2.12+dfsg-3ubuntu9
qemu-block-extra - 1:2.12+dfsg-3ubuntu9
qemu-guest-agent - 1:2.12+dfsg-3ubuntu9
qemu-kvm - 1:2.12+dfsg-3ubuntu9
qemu-system - 1:2.12+dfsg-3ubuntu9
qemu-system-arm - 1:2.12+dfsg-3ubuntu9
qemu-system-common - 1:2.12+dfsg-3ubuntu9
qemu-system-data - 1:2.12+dfsg-3ubuntu9
qemu-system-gui - 1:2.12+dfsg-3ubuntu9
qemu-system-mips - 1:2.12+dfsg-3ubuntu9
qemu-system-misc - 1:2.12+dfsg-3ubuntu9
qemu-system-ppc - 1:2.12+dfsg-3ubuntu9
qemu-system-s390x - 1:2.12+dfsg-3ubuntu9
qemu-system-sparc - 1:2.12+dfsg-3ubuntu9
qemu-system-x86 - 1:2.12+dfsg-3ubuntu9
qemu-system-x86-microvm - 1:2.12+dfsg-3ubuntu9
qemu-system-x86-xen - 1:2.12+dfsg-3ubuntu9
qemu-user - 1:2.12+dfsg-3ubuntu9
qemu-user-binfmt - 1:2.12+dfsg-3ubuntu9
qemu-user-static - 1:2.12+dfsg-3ubuntu9
qemu-utils - 1:2.12+dfsg-3ubuntu9
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-10-16
2018-10-16
mdeslaur
Daniel Shapira, Arash Tohidi
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910431
CVE-2018-10839
CVE-2018-11237 on Ubuntu 20.04 LTS (focal) - medium.
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
Update Instructions:
Run `sudo pro fix CVE-2018-11237` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.28-0ubuntu1
libc-bin - 2.28-0ubuntu1
libc6 - 2.28-0ubuntu1
libc6-amd64 - 2.28-0ubuntu1
libc6-armel - 2.28-0ubuntu1
libc6-i386 - 2.28-0ubuntu1
libc6-lse - 2.28-0ubuntu1
libc6-pic - 2.28-0ubuntu1
libc6-prof - 2.28-0ubuntu1
libc6-s390 - 2.28-0ubuntu1
libc6-x32 - 2.28-0ubuntu1
locales - 2.28-0ubuntu1
locales-all - 2.28-0ubuntu1
nscd - 2.28-0ubuntu1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-05-18
2018-05-18
mdeslaur
https://sourceware.org/bugzilla/show_bug.cgi?id=23196
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899070
CVE-2018-11237
sbeattie> looks to have been introduced in 2.23
CVE-2018-11806 on Ubuntu 20.04 LTS (focal) - medium.
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
Update Instructions:
Run `sudo pro fix CVE-2018-11806` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:2.12+dfsg-3ubuntu8
qemu-block-extra - 1:2.12+dfsg-3ubuntu8
qemu-guest-agent - 1:2.12+dfsg-3ubuntu8
qemu-kvm - 1:2.12+dfsg-3ubuntu8
qemu-system - 1:2.12+dfsg-3ubuntu8
qemu-system-arm - 1:2.12+dfsg-3ubuntu8
qemu-system-common - 1:2.12+dfsg-3ubuntu8
qemu-system-data - 1:2.12+dfsg-3ubuntu8
qemu-system-gui - 1:2.12+dfsg-3ubuntu8
qemu-system-mips - 1:2.12+dfsg-3ubuntu8
qemu-system-misc - 1:2.12+dfsg-3ubuntu8
qemu-system-ppc - 1:2.12+dfsg-3ubuntu8
qemu-system-s390x - 1:2.12+dfsg-3ubuntu8
qemu-system-sparc - 1:2.12+dfsg-3ubuntu8
qemu-system-x86 - 1:2.12+dfsg-3ubuntu8
qemu-system-x86-microvm - 1:2.12+dfsg-3ubuntu8
qemu-system-x86-xen - 1:2.12+dfsg-3ubuntu8
qemu-user - 1:2.12+dfsg-3ubuntu8
qemu-user-binfmt - 1:2.12+dfsg-3ubuntu8
qemu-user-static - 1:2.12+dfsg-3ubuntu8
qemu-utils - 1:2.12+dfsg-3ubuntu8
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-06-13
2018-06-13
mdeslaur
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901017
CVE-2018-11806
CVE-2018-12617 on Ubuntu 20.04 LTS (focal) - medium.
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
Update Instructions:
Run `sudo pro fix CVE-2018-12617` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:2.12+dfsg-3ubuntu9
qemu-block-extra - 1:2.12+dfsg-3ubuntu9
qemu-guest-agent - 1:2.12+dfsg-3ubuntu9
qemu-kvm - 1:2.12+dfsg-3ubuntu9
qemu-system - 1:2.12+dfsg-3ubuntu9
qemu-system-arm - 1:2.12+dfsg-3ubuntu9
qemu-system-common - 1:2.12+dfsg-3ubuntu9
qemu-system-data - 1:2.12+dfsg-3ubuntu9
qemu-system-gui - 1:2.12+dfsg-3ubuntu9
qemu-system-mips - 1:2.12+dfsg-3ubuntu9
qemu-system-misc - 1:2.12+dfsg-3ubuntu9
qemu-system-ppc - 1:2.12+dfsg-3ubuntu9
qemu-system-s390x - 1:2.12+dfsg-3ubuntu9
qemu-system-sparc - 1:2.12+dfsg-3ubuntu9
qemu-system-x86 - 1:2.12+dfsg-3ubuntu9
qemu-system-x86-microvm - 1:2.12+dfsg-3ubuntu9
qemu-system-x86-xen - 1:2.12+dfsg-3ubuntu9
qemu-user - 1:2.12+dfsg-3ubuntu9
qemu-user-binfmt - 1:2.12+dfsg-3ubuntu9
qemu-user-static - 1:2.12+dfsg-3ubuntu9
qemu-utils - 1:2.12+dfsg-3ubuntu9
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-06-21
2018-06-21
mdeslaur
Fakhri Zulkifli
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902725
CVE-2018-12617
CVE-2018-13093 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2018-13093` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2018 Canonical Ltd.
2018-07-03
2018-07-03
Wen Xu
CVE-2018-13093
CVE-2018-13095 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2018-13095` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2018 Canonical Ltd.
2018-07-03
2018-07-03
Wen Xu
CVE-2018-13095
CVE-2018-13098 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2018-13098` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2018 Canonical Ltd.
2018-07-03
2018-07-03
Wen Xu
CVE-2018-13098
sbeattie> fix commit subject "f2fs: fix to do sanity check with extra_attr feature" tyhicks> The affected user base for this issue is likely small since f2fs is not the default filesystem and it is not widely used in Ubuntu
CVE-2018-14625 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between the connect() and close() functions may allow an attacker using the AF_VSOCK protocol to gather a 4-byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2018-14625` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-09-10
2018-09-10
CVE-2018-14625
CVE-2018-17958 on Ubuntu 20.04 LTS (focal) - medium.
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
Update Instructions:
Run `sudo pro fix CVE-2018-17958` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:2.12+dfsg-3ubuntu9
qemu-block-extra - 1:2.12+dfsg-3ubuntu9
qemu-guest-agent - 1:2.12+dfsg-3ubuntu9
qemu-kvm - 1:2.12+dfsg-3ubuntu9
qemu-system - 1:2.12+dfsg-3ubuntu9
qemu-system-arm - 1:2.12+dfsg-3ubuntu9
qemu-system-common - 1:2.12+dfsg-3ubuntu9
qemu-system-data - 1:2.12+dfsg-3ubuntu9
qemu-system-gui - 1:2.12+dfsg-3ubuntu9
qemu-system-mips - 1:2.12+dfsg-3ubuntu9
qemu-system-misc - 1:2.12+dfsg-3ubuntu9
qemu-system-ppc - 1:2.12+dfsg-3ubuntu9
qemu-system-s390x - 1:2.12+dfsg-3ubuntu9
qemu-system-sparc - 1:2.12+dfsg-3ubuntu9
qemu-system-x86 - 1:2.12+dfsg-3ubuntu9
qemu-system-x86-microvm - 1:2.12+dfsg-3ubuntu9
qemu-system-x86-xen - 1:2.12+dfsg-3ubuntu9
qemu-user - 1:2.12+dfsg-3ubuntu9
qemu-user-binfmt - 1:2.12+dfsg-3ubuntu9
qemu-user-static - 1:2.12+dfsg-3ubuntu9
qemu-utils - 1:2.12+dfsg-3ubuntu9
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-10-09
2018-10-09
mdeslaur
Daniel Shapira, Arash Tohidi
CVE-2018-17958
CVE-2018-18281 on Ubuntu 20.04 LTS (focal) - medium.
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2018-18281` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-10-30
2018-10-30
Jann Horn
CVE-2018-18281
CVE-2018-19489 on Ubuntu 20.04 LTS (focal) - low.
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
Update Instructions:
Run `sudo pro fix CVE-2018-19489` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:3.1+dfsg-2ubuntu1
qemu-block-extra - 1:3.1+dfsg-2ubuntu1
qemu-guest-agent - 1:3.1+dfsg-2ubuntu1
qemu-kvm - 1:3.1+dfsg-2ubuntu1
qemu-system - 1:3.1+dfsg-2ubuntu1
qemu-system-arm - 1:3.1+dfsg-2ubuntu1
qemu-system-common - 1:3.1+dfsg-2ubuntu1
qemu-system-data - 1:3.1+dfsg-2ubuntu1
qemu-system-gui - 1:3.1+dfsg-2ubuntu1
qemu-system-mips - 1:3.1+dfsg-2ubuntu1
qemu-system-misc - 1:3.1+dfsg-2ubuntu1
qemu-system-ppc - 1:3.1+dfsg-2ubuntu1
qemu-system-s390x - 1:3.1+dfsg-2ubuntu1
qemu-system-sparc - 1:3.1+dfsg-2ubuntu1
qemu-system-x86 - 1:3.1+dfsg-2ubuntu1
qemu-system-x86-microvm - 1:3.1+dfsg-2ubuntu1
qemu-system-x86-xen - 1:3.1+dfsg-2ubuntu1
qemu-user - 1:3.1+dfsg-2ubuntu1
qemu-user-binfmt - 1:3.1+dfsg-2ubuntu1
qemu-user-static - 1:3.1+dfsg-2ubuntu1
qemu-utils - 1:3.1+dfsg-2ubuntu1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2018 Canonical Ltd.
2018-12-13
2018-12-13
Zhibin Hu
CVE-2018-19489
CVE-2018-19591 on Ubuntu 20.04 LTS (focal) - medium.
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
Update Instructions:
Run `sudo pro fix CVE-2018-19591` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.29-0ubuntu2
libc-bin - 2.29-0ubuntu2
libc6 - 2.29-0ubuntu2
libc6-amd64 - 2.29-0ubuntu2
libc6-armel - 2.29-0ubuntu2
libc6-i386 - 2.29-0ubuntu2
libc6-lse - 2.29-0ubuntu2
libc6-pic - 2.29-0ubuntu2
libc6-prof - 2.29-0ubuntu2
libc6-s390 - 2.29-0ubuntu2
libc6-x32 - 2.29-0ubuntu2
locales - 2.29-0ubuntu2
locales-all - 2.29-0ubuntu2
nscd - 2.29-0ubuntu2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-12-04
2018-12-04
mdeslaur
https://sourceware.org/bugzilla/show_bug.cgi?id=23927
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914837
CVE-2018-19591
ebarretto> In trusty and precise the code that introduced the issue is not present. sbeattie> reproducer testcase in upstream bug report introduced in 2180fee114b778515b3f560e5ff1e795282e60b0 (2.27 cycle)
CVE-2018-20669 on Ubuntu 20.04 LTS (focal) - low.
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2018-20669` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-03-21
2019-03-21
Timothy Michaud
CVE-2018-20669
tyhicks> Only the i915_gem_execbuffer2_ioctl() changes are technically needed for this CVE. It would be ideal to audit the callers of the other changed functions in the fix commit. This CVE is being disputed. See the oss-security emails on 2019-02-07 for details. sbeattie> while this specific ioctl may or may not be vulnerable, the fix is generic enough to possibly block other vulnerabilities.
CVE-2018-20976 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2018-20976` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-08-18
2019-08-18
CVE-2018-20976
CVE-2018-21008 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c. It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2018-21008` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-09-04
2019-09-04
CVE-2018-21008
CVE-2018-5383 on Ubuntu 20.04 LTS (focal) - medium.
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2018-5383` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-08-07
2018-08-07
Eli Biham and Lior Neumann
https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-5383
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-5383
CVE-2018-5383
mdeslaur> bluetooth firmware blobs need version 20.60 and higher. Intel recommended to use the latest FW which is now 20.70. Intel page says "Any Linux kernel version 3.19 and higher will also need an update.", adding kernel packages.
CVE-2018-5407 on Ubuntu 20.04 LTS (focal) - low.
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
Update Instructions:
Run `sudo pro fix CVE-2018-5407` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1-1ubuntu2
openssl - 1.1.1-1ubuntu2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2018 Canonical Ltd.
2018-11-15
2018-11-15
mdeslaur
Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, Alejandro Cabrera Aldaya
CVE-2018-5407
mdeslaur> this is a hardware issue, but openssl did commit a workaround in 1.1.1, 1.1.0i
CVE-2018-5848 on Ubuntu 20.04 LTS (focal) - low.
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Update Instructions:
Run `sudo pro fix CVE-2018-5848` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2018 Canonical Ltd.
2018-06-12
CVE-2018-5848
CVE-2018-5953 on Ubuntu 20.04 LTS (focal) - negligible.
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. It was discovered that the software IO TLB implementation in the Linux kernel could report kernel pointers via dmesg. An attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability.
Update Instructions:
Run `sudo pro fix CVE-2018-5953` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2018 Canonical Ltd.
2018-08-07
CVE-2018-5953
CVE-2018-5995 on Ubuntu 20.04 LTS (focal) - negligible.
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. It was discovered that the per cpu memory allocator in the Linux kernel could report kernel pointers via dmesg. An attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability.
Update Instructions:
Run `sudo pro fix CVE-2018-5995` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2018 Canonical Ltd.
2018-08-07
2018-08-07
CVE-2018-5995
CVE-2018-6485 on Ubuntu 20.04 LTS (focal) - medium.
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
Update Instructions:
Run `sudo pro fix CVE-2018-6485` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.27-3ubuntu1
libc-bin - 2.27-3ubuntu1
libc6 - 2.27-3ubuntu1
libc6-amd64 - 2.27-3ubuntu1
libc6-armel - 2.27-3ubuntu1
libc6-i386 - 2.27-3ubuntu1
libc6-lse - 2.27-3ubuntu1
libc6-pic - 2.27-3ubuntu1
libc6-prof - 2.27-3ubuntu1
libc6-s390 - 2.27-3ubuntu1
libc6-x32 - 2.27-3ubuntu1
locales - 2.27-3ubuntu1
locales-all - 2.27-3ubuntu1
nscd - 2.27-3ubuntu1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2018 Canonical Ltd.
2018-02-01
2018-02-01
Jakub Wilk
http://bugs.debian.org/878159
https://sourceware.org/bugzilla/show_bug.cgi?id=22343
CVE-2018-6485
CVE-2018-7273 on Ubuntu 20.04 LTS (focal) - negligible.
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR. It was discovered that the floppy driver in the Linux kernel could report kernel pointers via dmesg. An attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability.
Update Instructions:
Run `sudo pro fix CVE-2018-7273` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2018 Canonical Ltd.
2018-02-21
CVE-2018-7273
sbeattie> kaslr info leak in floppy block driver
CVE-2018-7754 on Ubuntu 20.04 LTS (focal) - negligible.
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. It was discovered that the debugfs implementation in the Linux kernel could expose kernel addresses. A privileged attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability.
Update Instructions:
Run `sudo pro fix CVE-2018-7754` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2018 Canonical Ltd.
2018-08-10
CVE-2018-7754
tyhicks> Two mitigating factors for this issue are that debugfs files are restricted to root and KASLR is only used in 18.04 and newer
CVE-2019-0136 on Ubuntu 20.04 LTS (focal) - medium.
Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect).
Update Instructions:
Run `sudo pro fix CVE-2019-0136` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-06-13
2019-06-13
CVE-2019-0136
tyhicks> Ubuntu was told by an OEM that upstream commits 588f7d39b3592a36fb7702ae3b8bdd9be4621e2f and 79c92ca42b5a3e0ea172ea2ce8df8e125af237da address this CVE. We've reached out to Intel, on 2019-08-08, to confirm the commits and are waiting to hear back.
CVE-2019-0145 on Ubuntu 20.04 LTS (focal) - medium.
Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.
Update Instructions:
Run `sudo pro fix CVE-2019-0145` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-14
CVE-2019-0145
CVE-2019-0147 on Ubuntu 20.04 LTS (focal) - medium.
Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.
Update Instructions:
Run `sudo pro fix CVE-2019-0147` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-14
CVE-2019-0147
CVE-2019-0148 on Ubuntu 20.04 LTS (focal) - medium.
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-0148` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-14
2019-11-14
Ryan Hall
CVE-2019-0148
CVE-2019-0149 on Ubuntu 20.04 LTS (focal) - medium.
Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.
Update Instructions:
Run `sudo pro fix CVE-2019-0149` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-14
CVE-2019-0149
sbeattie> *possibly* the same issue/fix as CVE-2019-0147; upstream claims it's all fixed by the same patch series.
CVE-2019-0154 on Ubuntu 20.04 LTS (focal) - medium.
Insufficient access control in subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory-mapped input/output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2019-0154` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-12
2019-11-12
2019-11-12
CVE-2019-0154
tyhicks> This issue only affects Intel® Graphics Processing Units
mdeslaur> this CVE was mitigated with a kernel update. As of 2020-03-06, there is no indication that a firmware update is required to fix this.
CVE-2019-0155 on Ubuntu 20.04 LTS (focal) - high.
Insufficient access control in a subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka 15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges.
Update Instructions:
Run `sudo pro fix CVE-2019-0155` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2019 Canonical Ltd.
2019-11-12
2019-11-12
2019-11-12
CVE-2019-0155
tyhicks> This issue only affects Intel® Graphics Processing Units
CVE-2019-10207 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash. It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2019-10207` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-07-29
2019-07-29
CVE-2019-10207
sbeattie> code execution is not possible unless mmap_min_addr is set to 0 (not the default)
CVE-2019-10220 on Ubuntu 20.04 LTS (focal) - medium.
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files.
Update Instructions:
Run `sudo pro fix CVE-2019-10220` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-27
2019-11-27
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10220
https://bugzilla.suse.com/show_bug.cgi?id=1144903
CVE-2019-10220
tyhicks> Exploiting this vulnerability requires a malicious Samba server
CVE-2019-11135 on Ubuntu 20.04 LTS (focal) - high.
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2019-11135` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
intel-microcode - 3.20191115.1ubuntu1
No subscription required
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2019 Canonical Ltd.
2019-11-12
2019-11-12
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck
2019-11-12
CVE-2019-11135
tyhicks> This issue only affects processors manufactured by Intel that support Intel® Transactional Synchronization Extensions (TSX)
CVE-2019-12881 on Ubuntu 20.04 LTS (focal) - medium.
i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0.
Update Instructions:
Run `sudo pro fix CVE-2019-12881` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-06-18
CVE-2019-12881
tyhicks> This issue only affects systems with Intel GPUs that utilize the i915 graphics driver
CVE-2019-13631 on Ubuntu 20.04 LTS (focal) - low.
In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-13631` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-07-17
2019-07-17
CVE-2019-13631
CVE-2019-14615 on Ubuntu 20.04 LTS (focal) - medium.
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2019-14615` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-01-14
2020-01-14
2020-01-14
CVE-2019-14615
tyhicks> This issue only affects systems with Intel Graphics Processing Units (GPUs). Gen8 Intel GPUs were previously fixed by commit 0160f055393f ("drm/i915/gen8: Add WaClearSlmSpaceAtContextSwitch workaround"). Fixes are only available for Gen8 and Gen9 GPUs at this time. Fixes for Gen6 and Gen7 may be available in the future.
CVE-2019-14814 on Ubuntu 20.04 LTS (focal) - medium.
There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the Marvell Wi-Fi chip driver, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-14814` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-08-28
2019-08-28
huangwen of ADLab of Venustech
2019-08-28
CVE-2019-14814
CVE-2019-14815 on Ubuntu 20.04 LTS (focal) - medium.
A vulnerability was found in the Linux kernel, where a heap overflow was found in the mwifiex_set_wmm_params() function of the Marvell Wi-Fi driver. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-14815` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-08-28
2019-08-28
huangwen of ADLab of Venustech
2019-08-28
CVE-2019-14815
CVE-2019-14816 on Ubuntu 20.04 LTS (focal) - medium.
There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the Marvell Wi-Fi chip driver, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-14816` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-08-28
2019-08-28
huangwen of ADLab of Venustech
2019-08-28
CVE-2019-14816
CVE-2019-14821 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-14821` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-10-01
2019-10-01
Matt Delco
2019-10-01
https://bugzilla.redhat.com/show_bug.cgi?id=1746708
CVE-2019-14821
tyhicks> An attacker needs write access to the /dev/kvm device file to exploit this flaw. By default, Ubuntu users don't have privileges to write to /dev/kvm. This is true even when libvirt is installed and in use.
CVE-2019-14895 on Ubuntu 20.04 LTS (focal) - medium.
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote device's country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-14895` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-25
2019-11-25
2019-11-25
CVE-2019-14895
CVE-2019-14896 on Ubuntu 20.04 LTS (focal) - medium.
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-14896` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-25
2019-11-25
2019-11-25
CVE-2019-14896
CVE-2019-14897 on Ubuntu 20.04 LTS (focal) - medium.
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or possibly execute arbitrary code when a STA works in IBSS mode (which allows connecting stations together without the use of an AP) and connects to another STA. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-14897` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-25
2019-11-25
2019-11-25
CVE-2019-14897
CVE-2019-14901 on Ubuntu 20.04 LTS (focal) - medium.
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-14901` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-29
2019-11-29
CVE-2019-14901
CVE-2019-15090 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2019-15090` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-08-15
2019-08-15
CVE-2019-15090
CVE-2019-15098 on Ubuntu 20.04 LTS (focal) - medium.
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-15098` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-08-16
2019-08-16
Hui Peng
CVE-2019-15098
CVE-2019-15099 on Ubuntu 20.04 LTS (focal) - medium.
drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-15099` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-08-16
2019-08-16
CVE-2019-15099
sbeattie> commit subject "ath10k: Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe"
CVE-2019-15117 on Ubuntu 20.04 LTS (focal) - medium.
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-15117` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-08-16
2019-08-16
Hui Peng and Mathias Payer
CVE-2019-15117
tyhicks> The parse_audio_mixer_unit() function has changed its handling of the input pins and source ID over time but I believe that it is vulnerable all the way back to the start of git history.
CVE-2019-15118 on Ubuntu 20.04 LTS (focal) - medium.
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device metadata. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-15118` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-08-16
2019-08-16
Hui Peng and Mathias Payer
CVE-2019-15118
CVE-2019-15211 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory. It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-15211` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-08-19
2019-08-19
CVE-2019-15211
tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system
CVE-2019-15212 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. It was discovered that a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2019-15212` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-08-19
2019-08-19
CVE-2019-15212
tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system
CVE-2019-15215 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-15215` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-08-19
2019-08-19
CVE-2019-15215
tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system
CVE-2019-15217 on Ubuntu 20.04 LTS (focal) - negligible.
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. It was discovered that the ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-15217` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2019 Canonical Ltd.
2019-08-19
2019-08-19
CVE-2019-15217
tyhicks> Setting priority to negligible since this simple DoS requires a malicious USB device to be inserted into the system
CVE-2019-15218 on Ubuntu 20.04 LTS (focal) - negligible.
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-15218` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2019 Canonical Ltd.
2019-08-19
2019-08-19
CVE-2019-15218
tyhicks> Setting priority to negligible since this simple DoS requires a malicious USB device to be inserted into the system
CVE-2019-15219 on Ubuntu 20.04 LTS (focal) - negligible.
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.
Update Instructions:
Run `sudo pro fix CVE-2019-15219` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2019 Canonical Ltd.
2019-08-19
CVE-2019-15219
tyhicks> Setting priority to negligible since this simple DoS requires a malicious USB device to be inserted into the system
CVE-2019-15220 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-15220` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-08-19
2019-08-19
CVE-2019-15220
tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system
CVE-2019-15221 on Ubuntu 20.04 LTS (focal) - negligible.
An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-15221` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2019 Canonical Ltd.
2019-08-19
2019-08-19
CVE-2019-15221
tyhicks> Setting priority to negligible since this simple DoS requires a malicious USB device to be inserted into the system
CVE-2019-15291 on Ubuntu 20.04 LTS (focal) - negligible.
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver. It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-15291` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2019 Canonical Ltd.
2019-08-20
2019-08-20
CVE-2019-15291
tyhicks> Setting priority to negligible since this simple DoS requires a malicious USB device to be inserted into the system. As of 2019-08-26, there's no upstream fix.
CVE-2019-1547 on Ubuntu 20.04 LTS (focal) - low.
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
Update Instructions:
Run `sudo pro fix CVE-2019-1547` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1d-2ubuntu1
openssl - 1.1.1d-2ubuntu1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-10
2019-09-10
mdeslaur
Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley
CVE-2019-1547
mdeslaur> code isn't compiled into edk2
CVE-2019-1549 on Ubuntu 20.04 LTS (focal) - low.
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
Update Instructions:
Run `sudo pro fix CVE-2019-1549` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
ovmf - 0~20191122.bd85bf54-2
qemu-efi - 0~20191122.bd85bf54-2
qemu-efi-aarch64 - 0~20191122.bd85bf54-2
qemu-efi-arm - 0~20191122.bd85bf54-2
No subscription required
libssl1.1 - 1.1.1d-2ubuntu1
openssl - 1.1.1d-2ubuntu1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-10
2019-09-10
Matt Caswell
CVE-2019-1549
mdeslaur> only affected 1.1.1
CVE-2019-15504 on Ubuntu 20.04 LTS (focal) - low.
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). Hui Peng and Mathias Payer discovered that the 91x Wi-Fi driver in the Linux kernel did not properly handle error conditions on initialization, leading to a double-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-15504` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-08-23
2019-08-23
Hui Peng and Mathias Payer
CVE-2019-15504
tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system
CVE-2019-15505 on Ubuntu 20.04 LTS (focal) - low.
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2019-15505` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-08-23
2019-08-23
CVE-2019-15505
tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system
CVE-2019-1551 on Ubuntu 20.04 LTS (focal) - low.
There is an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).
Update Instructions:
Run `sudo pro fix CVE-2019-1551` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu1
openssl - 1.1.1f-1ubuntu1
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-06
2019-12-06
mdeslaur
Guido Vranken
CVE-2019-1551
mdeslaur> affected file isn't built in edk2
CVE-2019-15538 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2019-15538` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-08-25
2019-08-25
Benjamin Moody
CVE-2019-15538
CVE-2019-1559 on Ubuntu 20.04 LTS (focal) - medium.
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
Update Instructions:
Run `sudo pro fix CVE-2019-1559` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1a-1ubuntu2
openssl - 1.1.1a-1ubuntu2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-02-26
2019-02-26
Juraj Somorovsky, Robert Merget and Nimrod Aviram
CVE-2019-1559
mdeslaur> doesn't affect 1.1.x; this fix is a workaround for applications that call SSL_shutdown() twice even if a protocol error has occurred; upstream fix uses error handling mechanism introduced in 1.0.2, which isn't available in 1.0.1f. While we are unlikely to fix this issue in Ubuntu 14.04 LTS, marking as deferred for now in case the vulnerable applications are identified.
CVE-2019-15794 on Ubuntu 20.04 LTS (focal) - medium.
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file after call_mmap() returns an error. However, the aufs patches change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow. Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operations when used in conjunction with AUFS. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-15794` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-08
2019-11-08
Jann Horn
https://bugs.launchpad.net/bugs/1850994
CVE-2019-15794
CVE-2019-15902 on Ubuntu 20.04 LTS (focal) - medium.
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2019-15902` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-09-04
2019-09-04
Brad Spengler
CVE-2019-15902
CVE-2019-15918 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21. It was discovered that the SMB networking file system implementation in the Linux kernel contained a buffer overread. An attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2019-15918` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-09-04
2019-09-04
CVE-2019-15918
CVE-2019-15925 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c. It was discovered that the Hisilicon HNS3 ethernet device driver in the Linux kernel contained an out of bounds access vulnerability. A local attacker could use this to possibly cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-15925` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-04
2019-09-04
CVE-2019-15925
CVE-2019-15926 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c. It was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. An attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-15926` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-09-04
2019-09-04
CVE-2019-15926
CVE-2019-16089 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-16089` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-42.46
linux-image-5.4.0-153-generic-lpae - 5.4.0-42.46
linux-image-unsigned-5.4.0-153-generic - 5.4.0-42.46
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-42.46
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-30.34
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-42.46
linux-image-5.4.0-105-lowlatency - 5.4.0-42.46
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1020.20
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1022.22
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1021.21
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1020.20
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1021.21
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-06
2019-09-06
https://bugzilla.suse.com/show_bug.cgi?id=1150004
CVE-2019-16089
sbeattie> fix has not landed upstream as of 2020-04-22
CVE-2019-16229 on Ubuntu 20.04 LTS (focal) - low.
** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issue as not being serious enough to deserve a CVE ID. It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2019-16229` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-11
2019-09-11
CVE-2019-16229
tyhicks> As of 2019-09-27, there is no upstream fix available
CVE-2019-16231 on Ubuntu 20.04 LTS (focal) - low.
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2019-16231` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-11
2019-09-11
CVE-2019-16231
CVE-2019-16232 on Ubuntu 20.04 LTS (focal) - low.
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2019-16232` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-11
2019-09-11
CVE-2019-16232
CVE-2019-16233 on Ubuntu 20.04 LTS (focal) - low.
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for errors, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-16233` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-11
2019-09-11
CVE-2019-16233
CVE-2019-16234 on Ubuntu 20.04 LTS (focal) - low.
drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-16234` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-11
2019-09-11
CVE-2019-16234
CVE-2019-16714 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. It was discovered that the IPv6 RDS implementation in the Linux kernel did not properly initialize fields in a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). Please note that the RDS protocol is blacklisted in Ubuntu by default.
Update Instructions:
Run `sudo pro fix CVE-2019-16714` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-23
2019-09-23
CVE-2019-16714
tyhicks> This is a local info leak that is only reachable by calling the getsockopt(2) system call on an IPv6 RDS socket. By default, the rds.ko module is blacklisted in Ubuntu 14.04 LTS and newer releases.
CVE-2019-16746 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-16746` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-09-24
2019-09-24
CVE-2019-16746
CVE-2019-17052 on Ubuntu 20.04 LTS (focal) - medium.
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket.
Update Instructions:
Run `sudo pro fix CVE-2019-17052` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-10-01
2019-10-01
Ori Nimron
CVE-2019-17052
CVE-2019-17053 on Ubuntu 20.04 LTS (focal) - medium.
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket.
Update Instructions:
Run `sudo pro fix CVE-2019-17053` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-10-01
2019-10-01
Ori Nimron
CVE-2019-17053
CVE-2019-17054 on Ubuntu 20.04 LTS (focal) - medium.
atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. Ori Nimron discovered that the AppleTalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket.
Update Instructions:
Run `sudo pro fix CVE-2019-17054` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-10-01
2019-10-01
Ori Nimron
CVE-2019-17054
CVE-2019-17055 on Ubuntu 20.04 LTS (focal) - medium.
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket.
Update Instructions:
Run `sudo pro fix CVE-2019-17055` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-10-01
2019-10-01
Ori Nimron
CVE-2019-17055
CVE-2019-17056 on Ubuntu 20.04 LTS (focal) - medium.
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. Ori Nimron discovered that the Near Field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket.
Update Instructions:
Run `sudo pro fix CVE-2019-17056` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-10-01
2019-10-01
Ori Nimron
CVE-2019-17056
CVE-2019-17075 on Ubuntu 20.04 LTS (focal) - negligible.
An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-17075` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2019 Canonical Ltd.
2019-10-01
2019-10-01
Nicolas Waisman
CVE-2019-17075
CVE-2019-17133 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-17133` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-10-04
2019-10-04
Nicolas Waisman
CVE-2019-17133
sbeattie> 4ac2813cc867ae563a1ba5a9414bfb554e5796fa would be a good secondary line of defense
CVE-2019-17351 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7. Julien Grall discovered that the Xen balloon memory driver in the Linux kernel did not properly restrict the amount of memory set aside for page mappings in some situations. An attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-17351` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-10-08
2019-10-08
Julien Grall
CVE-2019-17351
CVE-2019-17666 on Ubuntu 20.04 LTS (focal) - medium.
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-17666` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-10-17
2019-10-17
Nico Waisman
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17666
CVE-2019-17666
CVE-2019-18282 on Ubuntu 20.04 LTS (focal) - medium.
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.
Update Instructions:
Run `sudo pro fix CVE-2019-18282` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-01-16
CVE-2019-18282
CVE-2019-18683 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges.
Update Instructions:
Run `sudo pro fix CVE-2019-18683` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-04
2019-11-04
CVE-2019-18683
tyhicks> This rarely used driver module cannot be loaded by an unprivileged user so the impact is lessened
CVE-2019-18786 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. It was discovered that the Renesas Digital Radio Interface (DRIF) driver in the Linux kernel did not properly initialize data. A local attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2019-18786` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-06
2019-11-06
CVE-2019-18786
CVE-2019-18805 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
Update Instructions:
Run `sudo pro fix CVE-2019-18805` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-07
CVE-2019-18805
sbeattie> requires write access to /proc/sys/net/ipv4/tcp_min_rtt_wlen ... which is probably possible with unprivileged user namespaces; Marking when this sysctl was added as the break line
CVE-2019-18806 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.
Update Instructions:
Run `sudo pro fix CVE-2019-18806` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-07
CVE-2019-18806
CVE-2019-18808 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-18808` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-48.52
linux-image-5.4.0-153-generic-lpae - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-generic - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-48.52
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1024.24
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1019.21
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-34.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-48.52
linux-image-5.4.0-105-lowlatency - 5.4.0-48.52
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1025.25
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1026.26
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1025.25
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1024.24
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-07
2019-11-07
CVE-2019-18808
CVE-2019-18809 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. It was discovered that the Afatech AF9005 DVB-T USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-18809` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-07
2019-11-07
CVE-2019-18809
tyhicks> The Fixes tag in the fix commit is incorrect. c58b84ee467b introduced the leak.
CVE-2019-18811 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. It was discovered that the Sound Open Firmware (SOF) driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-18811` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-07
2019-11-07
CVE-2019-18811
CVE-2019-18813 on Ubuntu 20.04 LTS (focal) - negligible.
A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8. It was discovered that the DesignWare USB3 controller driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-18813` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2019 Canonical Ltd.
2019-11-07
2019-11-07
CVE-2019-18813
CVE-2019-18885 on Ubuntu 20.04 LTS (focal) - low.
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-18885` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-14
2019-11-14
CVE-2019-18885
CVE-2019-19036 on Ubuntu 20.04 LTS (focal) - low.
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-19036` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-21
2019-11-21
bobfuzzer
https://bugzilla.suse.com/show_bug.cgi?id=1157692
CVE-2019-19036
tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted
sbeattie> likely addressed by the btrfs write time tree-checker, which would mean it is addressed for kernels back through 4.4.x
CVE-2019-19037 on Ubuntu 20.04 LTS (focal) - low.
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
Update Instructions:
Run `sudo pro fix CVE-2019-19037` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-21
CVE-2019-19037
tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted
CVE-2019-19039 on Ubuntu 20.04 LTS (focal) - negligible.
** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issue as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case.” It was discovered that the btrfs file system in the Linux kernel in some error conditions could report register information to the dmesg buffer. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2019-19039` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-31.35
linux-image-5.4.0-153-generic-lpae - 5.4.0-31.35
linux-image-unsigned-5.4.0-153-generic - 5.4.0-31.35
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-31.35
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1012.12
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1010.10
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-26.30
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-31.35
linux-image-5.4.0-105-lowlatency - 5.4.0-31.35
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1012.12
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1011.11
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1010.10
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1011.11
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2019 Canonical Ltd.
2019-11-21
2019-11-21
https://bugzilla.suse.com/show_bug.cgi?id=1157719
CVE-2019-19039
tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted
CVE-2019-19043 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering i40e_setup_channel() failures, aka CID-27d461333459. It was discovered that the Intel(R) XL710 Ethernet Controller device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19043` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19043
CVE-2019-19045 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7. It was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19045` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19045
CVE-2019-19046 on Ubuntu 20.04 LTS (focal) - low.
** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time. It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19046` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19046
CVE-2019-19048 on Ubuntu 20.04 LTS (focal) - medium.
A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_user() failures, aka CID-e0b0cb938864. It was discovered that the VirtualBox guest driver implementation in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19048` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19048
CVE-2019-19050 on Ubuntu 20.04 LTS (focal) - medium.
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1. It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19050` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19050
CVE-2019-19051 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7. It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19051` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19051
CVE-2019-19052 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. It was discovered that the Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A physically proximate attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19052` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19052
CVE-2019-19053 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2. It was discovered that the RPMSG character device interface in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19053` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19053
CVE-2019-19054 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19054` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-48.52
linux-image-5.4.0-153-generic-lpae - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-generic - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-48.52
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1026.26
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1024.24
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1019.21
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-34.38
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-48.52
linux-image-5.4.0-105-lowlatency - 5.4.0-48.52
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1025.25
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1026.26
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1025.25
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1024.24
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1025.25
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19054
CVE-2019-19055 on Ubuntu 20.04 LTS (focal) - low.
** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred. It was discovered that the netlink-based 802.11 configuration interface in the Linux kernel did not deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19055` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19055
CVE-2019-19056 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932. It was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19056` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19056
CVE-2019-19057 on Ubuntu 20.04 LTS (focal) - low.
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19057` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19057
CVE-2019-19058 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5. It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19058` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19058
CVE-2019-19059 on Ubuntu 20.04 LTS (focal) - low.
Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19059` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19059
CVE-2019-19060 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19060` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19060
CVE-2019-19061 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19061` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19061
CVE-2019-19062 on Ubuntu 20.04 LTS (focal) - medium.
A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19062` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19062
CVE-2019-19063 on Ubuntu 20.04 LTS (focal) - low.
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19063` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19063
CVE-2019-19064 on Ubuntu 20.04 LTS (focal) - low.
** DISPUTED ** A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control these failures at probe time. It was discovered that the Serial Peripheral Interface (SPI) driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19064` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19064
CVE-2019-19065 on Ubuntu 20.04 LTS (focal) - low.
** DISPUTED ** A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability because "rhashtable_init() can only fail if it is passed invalid values in the second parameter's struct, but when invoked from sdma_init() that is a pointer to a static const struct, so an attacker could only trigger failure if they could corrupt kernel memory (in which case a small memory leak is not a significant problem)." It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19065` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19065
CVE-2019-19066 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. It was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19066` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19066
CVE-2019-19067 on Ubuntu 20.04 LTS (focal) - low.
** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading. It was discovered that the AMD Audio Coprocessor driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19067` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19067
CVE-2019-19068 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19068` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19068
CVE-2019-19071 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c. It was discovered that the RSI 91x WLAN device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19071` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19071
CVE-2019-19072 on Ubuntu 20.04 LTS (focal) - medium.
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6. It was discovered that the event tracing subsystem of the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19072` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19072
CVE-2019-19073 on Ubuntu 20.04 LTS (focal) - low.
Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19073` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-aws - 5.11.0-1009.9~20.04.2
No subscription required
linux-image-5.8.0-1042-aws - 5.8.0-1035.37~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-unsigned-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1066-bluefield - 5.4.0-1007.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1103-gke - 5.4.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-lpae - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-unsigned-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-unsigned-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.11.0-1028-generic - 5.11.0-1015.16~20.04.1
No subscription required
linux-image-5.8.0-29-generic - 5.8.0-14.16~20.04.1
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.11.0-1028-azure - 5.11.0-1007.7~20.04.2
No subscription required
linux-image-5.8.0-1043-azure - 5.8.0-1033.35~20.04.1
No subscription required
linux-image-5.4.0-1030-bluefield - 5.4.0-1007.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-1039-gcp - 5.8.0-1032.34~20.04.1
No subscription required
linux-image-5.4.0-1066-gke - 5.4.0-1033.35
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.11.0-46-generic - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-generic-64k - 5.11.0-22.23~20.04.1
linux-image-5.11.0-46-lowlatency - 5.11.0-22.23~20.04.1
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.13.0-1029-oem - 5.13.0-1009.10
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.11.0-1028-oracle - 5.11.0-1008.8~20.04.1
No subscription required
linux-image-5.8.0-1038-oracle - 5.8.0-1031.32~20.04.2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19073
CVE-2019-19075 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e. It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19075` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19075
CVE-2019-19076 on Ubuntu 20.04 LTS (focal) - low.
** DISPUTED ** A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted. It was discovered that there was a memory leak in the Advanced Buffer Management functionality of the Netronome NFP4000/NFP6000 NIC Driver in the Linux kernel during certain error scenarios. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19076` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19076
sbeattie> reverted in 1d1997db870f4058676439ef7014390ba9e24eb2, in part due to upstream determining that there was no memory leak.
CVE-2019-19077 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14. It was discovered that the Broadcom NetXtreme HCA device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19077` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19077
CVE-2019-19078 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2. It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19078` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19078
CVE-2019-19079 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19. It was discovered that the Qualcomm IPC Router TUN device driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19079` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19079
CVE-2019-19080 on Ubuntu 20.04 LTS (focal) - low.
Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.
Update Instructions:
Run `sudo pro fix CVE-2019-19080` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
CVE-2019-19080
CVE-2019-19081 on Ubuntu 20.04 LTS (focal) - low.
A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.
Update Instructions:
Run `sudo pro fix CVE-2019-19081` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
CVE-2019-19081
CVE-2019-19082 on Ubuntu 20.04 LTS (focal) - low.
Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad. It was discovered that the AMD GPU device drivers in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19082` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19082
CVE-2019-19083 on Ubuntu 20.04 LTS (focal) - low.
Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1. It was discovered that the AMD Display Engine Driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-19083` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-18
2019-11-18
CVE-2019-19083
CVE-2019-19126 on Ubuntu 20.04 LTS (focal) - low.
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
Update Instructions:
Run `sudo pro fix CVE-2019-19126` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu7
libc-bin - 2.31-0ubuntu7
libc6 - 2.31-0ubuntu7
libc6-amd64 - 2.31-0ubuntu7
libc6-armel - 2.31-0ubuntu7
libc6-i386 - 2.31-0ubuntu7
libc6-lse - 2.31-0ubuntu7
libc6-pic - 2.31-0ubuntu7
libc6-prof - 2.31-0ubuntu7
libc6-s390 - 2.31-0ubuntu7
libc6-x32 - 2.31-0ubuntu7
locales - 2.31-0ubuntu7
locales-all - 2.31-0ubuntu7
nscd - 2.31-0ubuntu7
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-19
2019-11-19
https://sourceware.org/bugzilla/show_bug.cgi?id=25204
CVE-2019-19126
sbeattie> introduced in b9eb92ab05204df772eb4929eccd018637c9f3e9, so glibc 2.23
CVE-2019-19227 on Ubuntu 20.04 LTS (focal) - low.
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122. Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-19227` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-22
2019-11-22
Dan Carpenter
CVE-2019-19227
CVE-2019-19241 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context. It was discovered that the IO uring implementation in the Linux kernel did not properly perform credentials checks in certain situations. A local attacker could possibly use this to gain administrative privileges.
Update Instructions:
Run `sudo pro fix CVE-2019-19241` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-12-17
2019-12-17
CVE-2019-19241
CVE-2019-19252 on Ubuntu 20.04 LTS (focal) - medium.
vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. Or Cohen discovered that the virtual console subsystem in the Linux kernel did not properly restrict writes to unimplemented vcsu (unicode) devices. A local attacker could possibly use this to cause a denial of service (system crash) or have other unspecified impacts.
Update Instructions:
Run `sudo pro fix CVE-2019-19252` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-25
2019-11-25
Or Cohen
CVE-2019-19252
CVE-2019-19318 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer. It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-19318` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-28
https://bugzilla.suse.com/show_bug.cgi?id=1158026
CVE-2019-19318
tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted
sbeattie> possibly fixed by btrfs tree checker, which would mean it's addressed for all kernels 4.4.x and newer.
CVE-2019-19319 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-19319` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-27
2019-11-27
https://bugzilla.suse.com/show_bug.cgi?id=1158021
CVE-2019-19319
tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted
sbeattie> it's asserted by Jan Kara in the suse bug below that 345c0dbf3a30 (plus related commits) addresses the issue
CVE-2019-19332 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-19332` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-01-09
2020-01-09
CVE-2019-19332
CVE-2019-19377 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-19377` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-31.35
linux-image-5.4.0-153-generic-lpae - 5.4.0-31.35
linux-image-unsigned-5.4.0-153-generic - 5.4.0-31.35
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-31.35
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1012.12
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1010.10
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-26.30
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-31.35
linux-image-5.4.0-105-lowlatency - 5.4.0-31.35
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1012.12
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1011.11
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1010.10
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1011.11
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-11-29
2019-11-29
CVE-2019-19377
tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted
CVE-2019-19447 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
Update Instructions:
Run `sudo pro fix CVE-2019-19447` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-08
https://bugzilla.kernel.org/show_bug.cgi?id=205433
CVE-2019-19447
tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted
CVE-2019-19462 on Ubuntu 20.04 LTS (focal) - medium.
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-19462` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-42.46
linux-image-5.4.0-153-generic-lpae - 5.4.0-42.46
linux-image-unsigned-5.4.0-153-generic - 5.4.0-42.46
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-42.46
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1018.18
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1021.21
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-30.34
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-42.46
linux-image-5.4.0-105-lowlatency - 5.4.0-42.46
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1020.20
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1021.21
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1020.20
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1018.18
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1021.21
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-11-30
2019-11-30
syzkaller
CVE-2019-19462
CVE-2019-19523 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.
Update Instructions:
Run `sudo pro fix CVE-2019-19523` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
CVE-2019-19523
CVE-2019-19524 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. It was discovered that the driver for memoryless force-feedback input devices in the Linux kernel contained a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-19524` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
2019-12-03
CVE-2019-19524
CVE-2019-19525 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.
Update Instructions:
Run `sudo pro fix CVE-2019-19525` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
CVE-2019-19525
CVE-2019-19526 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. It was discovered that the NXP PN533 NFC USB driver in the Linux kernel did not properly free resources after a late probe error, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-19526` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
2019-12-03
CVE-2019-19526
CVE-2019-19527 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.
Update Instructions:
Run `sudo pro fix CVE-2019-19527` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
CVE-2019-19527
CVE-2019-19528 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.
Update Instructions:
Run `sudo pro fix CVE-2019-19528` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
CVE-2019-19528
CVE-2019-19529 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. It was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-19529` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
2019-12-03
CVE-2019-19529
CVE-2019-19530 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.
Update Instructions:
Run `sudo pro fix CVE-2019-19530` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
CVE-2019-19530
CVE-2019-19531 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.
Update Instructions:
Run `sudo pro fix CVE-2019-19531` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
CVE-2019-19531
CVE-2019-19532 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. It was discovered that multiple USB HID device drivers in the Linux kernel did not properly validate device metadata on attachment, leading to out-of-bounds writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-19532` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
2019-12-03
CVE-2019-19532
CVE-2019-19533 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
Update Instructions:
Run `sudo pro fix CVE-2019-19533` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
CVE-2019-19533
CVE-2019-19534 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2019-19534` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
2019-12-03
CVE-2019-19534
CVE-2019-19535 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
Update Instructions:
Run `sudo pro fix CVE-2019-19535` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
CVE-2019-19535
CVE-2019-19536 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
Update Instructions:
Run `sudo pro fix CVE-2019-19536` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
CVE-2019-19536
CVE-2019-19537 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
Update Instructions:
Run `sudo pro fix CVE-2019-19537` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-03
CVE-2019-19537
CVE-2019-19602 on Ubuntu 20.04 LTS (focal) - medium.
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc. It was discovered that a race condition existed in the Linux kernel on x86 platforms when keeping track of which process was assigned control of the FPU. A local attacker could use this to cause a denial of service (memory corruption) or possibly gain administrative privileges.
Update Instructions:
Run `sudo pro fix CVE-2019-19602` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-12-05
2019-12-05
CVE-2019-19602
CVE-2019-19767 on Ubuntu 20.04 LTS (focal) - low.
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2019-19767` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-12
2019-12-12
CVE-2019-19767
CVE-2019-19768 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2019-19768` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-21.25
linux-image-5.4.0-153-generic-lpae - 5.4.0-21.25
linux-image-unsigned-5.4.0-153-generic - 5.4.0-21.25
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-21.25
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-21.25
linux-image-5.4.0-105-lowlatency - 5.4.0-21.25
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1006.6
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1007.7
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-12-12
2019-12-12
Tristan Madani
CVE-2019-19768
CVE-2019-19769 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2019-19769` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-24.28
linux-image-5.4.0-153-generic-lpae - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-generic - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-24.28
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1009.9
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-24.28
linux-image-5.4.0-105-lowlatency - 5.4.0-24.28
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1009.9
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1007.7
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1008.8
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-12-12
2019-12-12
Tristan Madani
CVE-2019-19769
sbeattie> first attempted fix was 6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da but that showed performance issues in synthetic benchmarks, more complex fix is dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a; may be introduced by 16306a61d3b7c433c7a127ec6224867b88ece687; no confirmation that the fixes listed actually address the reporter's issue; the conservative fix for this issue may be to just apply 6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da
CVE-2019-19813 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-19813` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-17
2019-12-17
bobfuzzer
https://bugzilla.suse.com/show_bug.cgi?id=1159435
CVE-2019-19813
tyhicks> As of 2020-01-09, no upstream fix is available
sbeattie> upstream developer asserts in suse bug that the enhanced btrfs tree-checker addresses this issue, which was backported to at least the 4.4 kernel.
CVE-2019-19816 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-19816` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-17
2019-12-17
bobfuzzer
https://bugzilla.suse.com/show_bug.cgi?id=1159439
CVE-2019-19816
tyhicks> As of 2020-01-09, no upstream fix is available
sbeattie> upstream developer asserts in suse bug that the enhanced btrfs tree-checker will address this issue, so would be fixed in 4.4.x and newer
CVE-2019-19922 on Ubuntu 20.04 LTS (focal) - medium.
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.) It was discovered that in some situations the fair scheduler in the Linux kernel did not permit a process to use its full quota time slice. A local attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2019-19922` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-12-22
2019-12-22
CVE-2019-19922
CVE-2019-19947 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2019-19947` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-24
2019-12-24
CVE-2019-19947
tyhicks> I don't think that the Fixes tag in patch is correct and that the info leaks were possible since the initial inclusion of the driver
CVE-2019-19965 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2019-19965` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-12-25
2019-12-25
Gao Chuan
CVE-2019-19965
CVE-2019-19966 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
Update Instructions:
Run `sudo pro fix CVE-2019-19966` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-12-25
CVE-2019-19966
CVE-2019-20054 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
Update Instructions:
Run `sudo pro fix CVE-2019-20054` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-12-28
CVE-2019-20054
CVE-2019-20096 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. It was discovered that the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could possibly use this to cause a denial of service (kernel memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-20096` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-12-30
2019-12-30
CVE-2019-20096
CVE-2019-20636 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
Update Instructions:
Run `sudo pro fix CVE-2019-20636` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-04-08
CVE-2019-20636
CVE-2019-20806 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.
Update Instructions:
Run `sudo pro fix CVE-2019-20806` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-05-27
CVE-2019-20806
CVE-2019-20810 on Ubuntu 20.04 LTS (focal) - low.
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. Chuhong Yuan discovered that the go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2019-20810` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-06-03
2020-06-03
Chuhong Yuan
CVE-2019-20810
CVE-2019-20811 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. Yue Haibing discovered that the Linux kernel did not properly handle reference counting in sysfs for network devices in some situations. A local attacker could possibly use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2019-20811` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-06-03
2020-06-03
Yue Haibing
CVE-2019-20811
CVE-2019-20812 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.
Update Instructions:
Run `sudo pro fix CVE-2019-20812` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-06-03
Mao Wenan
CVE-2019-20812
CVE-2019-20934 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
Update Instructions:
Run `sudo pro fix CVE-2019-20934` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-28
CVE-2019-20934
CVE-2019-3016 on Ubuntu 20.04 LTS (focal) - medium.
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limited to the host running Linux kernel 4.10 with a guest running Linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. It was discovered that in the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information (read memory from another guest VM).
Update Instructions:
Run `sudo pro fix CVE-2019-3016` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-01-30
2020-01-30
cascardo
2020-01-30
CVE-2019-3016
tyhicks> This issue does not affect default installations of Ubuntu as the paravirtual TLB flush feature in KVM is not enabled by default. The QEMU CPU feature "kvm-pv-tlb-flush" is used to enable paravirtual TLB flush. cascardo> It is thought that this issue does not affect Intel processors *not* supporting Process-Context Identifiers (PCIDs). You can check support for PCIDs on systems with Intel processors by running "grep pcid /proc/cpuinfo" and verifying that "pcid" shows as one of the flags. It was mentioned that it was only easily reproducible on AMD CPUs.
CVE-2019-3812 on Ubuntu 20.04 LTS (focal) - medium.
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
Update Instructions:
Run `sudo pro fix CVE-2019-3812` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:3.1+dfsg-2ubuntu3
qemu-block-extra - 1:3.1+dfsg-2ubuntu3
qemu-guest-agent - 1:3.1+dfsg-2ubuntu3
qemu-kvm - 1:3.1+dfsg-2ubuntu3
qemu-system - 1:3.1+dfsg-2ubuntu3
qemu-system-arm - 1:3.1+dfsg-2ubuntu3
qemu-system-common - 1:3.1+dfsg-2ubuntu3
qemu-system-data - 1:3.1+dfsg-2ubuntu3
qemu-system-gui - 1:3.1+dfsg-2ubuntu3
qemu-system-mips - 1:3.1+dfsg-2ubuntu3
qemu-system-misc - 1:3.1+dfsg-2ubuntu3
qemu-system-ppc - 1:3.1+dfsg-2ubuntu3
qemu-system-s390x - 1:3.1+dfsg-2ubuntu3
qemu-system-sparc - 1:3.1+dfsg-2ubuntu3
qemu-system-x86 - 1:3.1+dfsg-2ubuntu3
qemu-system-x86-microvm - 1:3.1+dfsg-2ubuntu3
qemu-system-x86-xen - 1:3.1+dfsg-2ubuntu3
qemu-user - 1:3.1+dfsg-2ubuntu3
qemu-user-binfmt - 1:3.1+dfsg-2ubuntu3
qemu-user-static - 1:3.1+dfsg-2ubuntu3
qemu-utils - 1:3.1+dfsg-2ubuntu3
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-02-19
2019-02-19
Michael Hanselmann
CVE-2019-3812
CVE-2019-5108 on Ubuntu 20.04 LTS (focal) - medium.
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2019-5108` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-12-23
2019-12-23
Mitchell Frank
CVE-2019-5108
CVE-2019-6778 on Ubuntu 20.04 LTS (focal) - medium.
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
Update Instructions:
Run `sudo pro fix CVE-2019-6778` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:3.1+dfsg-2ubuntu2
qemu-block-extra - 1:3.1+dfsg-2ubuntu2
qemu-guest-agent - 1:3.1+dfsg-2ubuntu2
qemu-kvm - 1:3.1+dfsg-2ubuntu2
qemu-system - 1:3.1+dfsg-2ubuntu2
qemu-system-arm - 1:3.1+dfsg-2ubuntu2
qemu-system-common - 1:3.1+dfsg-2ubuntu2
qemu-system-data - 1:3.1+dfsg-2ubuntu2
qemu-system-gui - 1:3.1+dfsg-2ubuntu2
qemu-system-mips - 1:3.1+dfsg-2ubuntu2
qemu-system-misc - 1:3.1+dfsg-2ubuntu2
qemu-system-ppc - 1:3.1+dfsg-2ubuntu2
qemu-system-s390x - 1:3.1+dfsg-2ubuntu2
qemu-system-sparc - 1:3.1+dfsg-2ubuntu2
qemu-system-x86 - 1:3.1+dfsg-2ubuntu2
qemu-system-x86-microvm - 1:3.1+dfsg-2ubuntu2
qemu-system-x86-xen - 1:3.1+dfsg-2ubuntu2
qemu-user - 1:3.1+dfsg-2ubuntu2
qemu-user-binfmt - 1:3.1+dfsg-2ubuntu2
qemu-user-static - 1:3.1+dfsg-2ubuntu2
qemu-utils - 1:3.1+dfsg-2ubuntu2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-01-25
2019-01-25
CVE-2019-6778
CVE-2019-9169 on Ubuntu 20.04 LTS (focal) - low.
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
Update Instructions:
Run `sudo pro fix CVE-2019-9169` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.30-0ubuntu2
libc-bin - 2.30-0ubuntu2
libc6 - 2.30-0ubuntu2
libc6-amd64 - 2.30-0ubuntu2
libc6-armel - 2.30-0ubuntu2
libc6-i386 - 2.30-0ubuntu2
libc6-lse - 2.30-0ubuntu2
libc6-pic - 2.30-0ubuntu2
libc6-prof - 2.30-0ubuntu2
libc6-s390 - 2.30-0ubuntu2
libc6-x32 - 2.30-0ubuntu2
locales - 2.30-0ubuntu2
locales-all - 2.30-0ubuntu2
nscd - 2.30-0ubuntu2
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-02-26
2019-02-26
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142
https://sourceware.org/bugzilla/show_bug.cgi?id=24114
CVE-2019-9169
CVE-2019-9445 on Ubuntu 20.04 LTS (focal) - low.
In the Android kernel in the F2FS driver there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. It was discovered that the F2FS file system in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds read. A local attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2019-9445` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-06
2019-09-06
CVE-2019-9445
CVE-2019-9453 on Ubuntu 20.04 LTS (focal) - low.
In the Android kernel in F2FS touch driver there is a possible out-of-bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. It was discovered that the F2FS file system in the Linux kernel did not properly validate xattr metadata in some situations, leading to an out-of-bounds read. An attacker could use this to construct a malicious F2FS image that, when mounted, could expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2019-9453` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-06
2019-09-06
CVE-2019-9453
CVE-2019-9454 on Ubuntu 20.04 LTS (focal) - medium.
In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Update Instructions:
Run `sudo pro fix CVE-2019-9454` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-09-06
CVE-2019-9454
sbeattie> same commit as CVE-2017-18551, possibly a dupe
CVE-2019-9455 on Ubuntu 20.04 LTS (focal) - low.
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Update Instructions:
Run `sudo pro fix CVE-2019-9455` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-06
CVE-2019-9455
CVE-2019-9456 on Ubuntu 20.04 LTS (focal) - low.
In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Update Instructions:
Run `sudo pro fix CVE-2019-9456` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2019 Canonical Ltd.
2019-09-06
CVE-2019-9456
CVE-2019-9458 on Ubuntu 20.04 LTS (focal) - medium.
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Update Instructions:
Run `sudo pro fix CVE-2019-9458` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-09-06
CVE-2019-9458
CVE-2019-9506 on Ubuntu 20.04 LTS (focal) - medium.
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2019-9506` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2019 Canonical Ltd.
2019-08-13
2019-08-13
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen
2019-08-13
https://bugzilla.kernel.org/show_bug.cgi?id=203997
CVE-2019-9506
sbeattie> CERT VU#918987 mdeslaur> Mitigation for this issue was added to the kernel
CVE-2020-0009 on Ubuntu 20.04 LTS (focal) - low.
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-142938932.
Update Instructions:
Run `sudo pro fix CVE-2020-0009` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-01-08
CVE-2020-0009
cascardo> possible fix is 6d67b0290b4b84c477e6a2fc6e005e174d3c7786
CVE-2020-0067 on Ubuntu 20.04 LTS (focal) - medium.
In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120551147. It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-0067` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-37.41
linux-image-5.4.0-153-generic-lpae - 5.4.0-37.41
linux-image-unsigned-5.4.0-153-generic - 5.4.0-37.41
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-37.41
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1016.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1012.12
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-27.31
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-37.41
linux-image-5.4.0-105-lowlatency - 5.4.0-37.41
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1016.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1015.15
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1015.15
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-04-17
2020-04-17
CVE-2020-0067
CVE-2020-0305 on Ubuntu 20.04 LTS (focal) - medium.
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-153467744.
Update Instructions:
Run `sudo pro fix CVE-2020-0305` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-07-17
CVE-2020-0305
CVE-2020-0404 on Ubuntu 20.04 LTS (focal) - medium.
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel
Update Instructions:
Run `sudo pro fix CVE-2020-0404` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-17
Andrey Konovalov
CVE-2020-0404
CVE-2020-0427 on Ubuntu 20.04 LTS (focal) - medium.
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171. Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-0427` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-17
2020-09-17
Elena Petrova
CVE-2020-0427
CVE-2020-0429 on Ubuntu 20.04 LTS (focal) - low.
In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-152735806
Update Instructions:
Run `sudo pro fix CVE-2020-0429` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-09-17
CVE-2020-0429
CVE-2020-0431 on Ubuntu 20.04 LTS (focal) - medium.
In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-144161459
Update Instructions:
Run `sudo pro fix CVE-2020-0431` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-17
CVE-2020-0431
CVE-2020-0432 on Ubuntu 20.04 LTS (focal) - medium.
In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-143560807
Update Instructions:
Run `sudo pro fix CVE-2020-0432` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-17
Greg Kroah-Hartman
CVE-2020-0432
sbeattie> staging driver, need to confirm it is enabled
CVE-2020-0433 on Ubuntu 20.04 LTS (focal) - medium.
In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-151939299
Update Instructions:
Run `sudo pro fix CVE-2020-0433` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-17
CVE-2020-0433
sbeattie> see android advisory for stable backports
CVE-2020-0444 on Ubuntu 20.04 LTS (focal) - medium.
In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-150693166. References: Upstream kernel
Update Instructions:
Run `sudo pro fix CVE-2020-0444` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-12-14
CVE-2020-0444
CVE-2020-10690 on Ubuntu 20.04 LTS (focal) - medium.
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev during resource deallocation. When a (high-privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep, and the underlying device is removed during this time, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes because the cdev structure pointed to by the inode is invalid (already freed). It was discovered that a race condition existed in the Precision Time Protocol (PTP) implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-10690` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-05-08
2020-05-08
CVE-2020-10690
CVE-2020-10711 on Ubuntu 20.04 LTS (focal) - low.
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This leads to a NULL pointer dereference while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-10711` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-40.44
linux-image-5.4.0-153-generic-lpae - 5.4.0-40.44
linux-image-unsigned-5.4.0-153-generic - 5.4.0-40.44
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-40.44
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1018.18
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1019.19
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1018.18
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1019.19
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1013.13
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-28.32
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-40.44
linux-image-5.4.0-105-lowlatency - 5.4.0-40.44
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1018.18
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1020.20
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1019.19
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1018.18
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1011.11
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1019.19
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-05-12
2020-05-12
Matthew Sheets
2020-05-12
CVE-2020-10711
sbeattie> SELinux is not the default MAC used in Ubuntu
CVE-2020-10720 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.
Update Instructions:
Run `sudo pro fix CVE-2020-10720` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-03
CVE-2020-10720
CVE-2020-10732 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux kernel's implementation of userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. It was discovered that the ELF handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-10732` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-40.44
linux-image-5.4.0-153-generic-lpae - 5.4.0-40.44
linux-image-unsigned-5.4.0-153-generic - 5.4.0-40.44
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-40.44
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1018.18
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1019.19
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1018.18
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1018.18
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1019.19
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1013.13
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-28.32
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-40.44
linux-image-5.4.0-105-lowlatency - 5.4.0-40.44
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1018.18
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1020.20
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1019.19
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1018.18
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1018.18
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1019.19
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-06-12
2020-06-12
https://github.com/google/kmsan/issues/76
CVE-2020-10732
sbeattie> original report claimed this was introduced in 4206d3aa1978e44f58bfa4e1c9d8d35cbf19c187, but further investigation by Jann Horn makes the case that 91c3dba7dbc1 is where the real problem is introduced.
CVE-2020-10742 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel. An index buffer overflow during a Direct IO write leads to an NFS client crash. In some cases, reaching out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.
Update Instructions:
Run `sudo pro fix CVE-2020-10742` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-02
Jay Shin
https://bugzilla.redhat.com/show_bug.cgi?id=1835127
https://bugzilla.redhat.com/show_bug.cgi?id=1824270
CVE-2020-10742
sbeattie> reproducer in Red Hat bug 1824270.
CVE-2020-10751 on Ubuntu 20.04 LTS (focal) - negligible.
A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. A privileged attacker could use this to bypass SELinux netlink restrictions.
Update Instructions:
Run `sudo pro fix CVE-2020-10751` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-37.41
linux-image-5.4.0-153-generic-lpae - 5.4.0-37.41
linux-image-unsigned-5.4.0-153-generic - 5.4.0-37.41
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-37.41
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1016.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1012.12
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-27.31
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-37.41
linux-image-5.4.0-105-lowlatency - 5.4.0-37.41
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1016.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1015.15
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1011.11
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1015.15
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2020 Canonical Ltd.
2020-05-26
2020-05-26
Dmitry Vyukov
CVE-2020-10751
sbeattie> SELinux specific, not the default LSM in Ubuntu.
CVE-2020-10757 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to DAX-enabled storage to escalate their privileges on the system. Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges.
Update Instructions:
Run `sudo pro fix CVE-2020-10757` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1018.18
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1018.18
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-06-04
2020-06-04
Fan Yang
2020-06-04
CVE-2020-10757
CVE-2020-10761 on Ubuntu 20.04 LTS (focal) - medium.
An assertion failure issue was found in the Network Block Device (NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of the maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server, resulting in a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-10761` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.4
qemu-block-extra - 1:4.2-3ubuntu6.4
qemu-guest-agent - 1:4.2-3ubuntu6.4
qemu-kvm - 1:4.2-3ubuntu6.4
qemu-system - 1:4.2-3ubuntu6.4
qemu-system-arm - 1:4.2-3ubuntu6.4
qemu-system-common - 1:4.2-3ubuntu6.4
qemu-system-data - 1:4.2-3ubuntu6.4
qemu-system-gui - 1:4.2-3ubuntu6.4
qemu-system-mips - 1:4.2-3ubuntu6.4
qemu-system-misc - 1:4.2-3ubuntu6.4
qemu-system-ppc - 1:4.2-3ubuntu6.4
qemu-system-s390x - 1:4.2-3ubuntu6.4
qemu-system-sparc - 1:4.2-3ubuntu6.4
qemu-system-x86 - 1:4.2-3ubuntu6.4
qemu-system-x86-microvm - 1:4.2-3ubuntu6.4
qemu-system-x86-xen - 1:4.2-3ubuntu6.4
qemu-user - 1:4.2-3ubuntu6.4
qemu-user-binfmt - 1:4.2-3ubuntu6.4
qemu-user-static - 1:4.2-3ubuntu6.4
qemu-utils - 1:4.2-3ubuntu6.4
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-06-09
2020-06-09
mdeslaur
Eric Blake and Xueqiang Wei
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761
CVE-2020-10761
mdeslaur> introduced in qemu 4.2
CVE-2020-10766 on Ubuntu 20.04 LTS (focal) - medium.
A logic bug was found in the Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIBP switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality. It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-10766` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1020.20
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-06-10
2020-06-10
CVE-2020-10766
CVE-2020-10767 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-10767` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1020.20
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-06-10
2020-06-10
CVE-2020-10767
CVE-2020-10768 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-10768` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1020.20
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-06-10
2020-06-10
CVE-2020-10768
CVE-2020-10769 on Ubuntu 20.04 LTS (focal) - medium.
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload is longer than 4 bytes and does not follow the 4-byte alignment boundary guidelines, it causes a buffer over-read, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-10769` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-06-26
CVE-2020-10769
CVE-2020-10774 on Ubuntu 20.04 LTS (focal) - medium.
A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-05-27
CVE-2020-10774
sbeattie> RHEL8 only
CVE-2020-10942 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-10942` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-03-24
2020-03-24
CVE-2020-10942
CVE-2020-11494 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4. It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-11494` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-24.28
linux-image-5.4.0-153-generic-lpae - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-generic - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-24.28
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1009.9
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1010.10
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1009.9
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1009.9
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-24.28
linux-image-5.4.0-105-lowlatency - 5.4.0-24.28
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1009.9
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1010.10
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1009.9
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1008.8
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1008.8
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1009.9
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-04-02
2020-04-02
CVE-2020-11494
CVE-2020-11565 on Ubuntu 20.04 LTS (focal) - medium.
** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.” It was discovered that the Linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-11565` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-31.35
linux-image-5.4.0-153-generic-lpae - 5.4.0-31.35
linux-image-unsigned-5.4.0-153-generic - 5.4.0-31.35
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-31.35
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1012.12
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-26.30
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-31.35
linux-image-5.4.0-105-lowlatency - 5.4.0-31.35
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1012.12
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1011.11
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1008.8
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1011.11
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-04-06
2020-04-06
CVE-2020-11565
CVE-2020-11608 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-11608` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-24.28
linux-image-5.4.0-153-generic-lpae - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-generic - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-24.28
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1009.9
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-24.28
linux-image-5.4.0-105-lowlatency - 5.4.0-24.28
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1009.9
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1007.7
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1008.8
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-04-07
2020-04-07
CVE-2020-11608
CVE-2020-11609 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-11609` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-24.28
linux-image-5.4.0-153-generic-lpae - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-generic - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-24.28
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1009.9
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-24.28
linux-image-5.4.0-105-lowlatency - 5.4.0-24.28
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1009.9
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1007.7
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1008.8
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-04-07
2020-04-07
CVE-2020-11609
CVE-2020-11668 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-11668` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-24.28
linux-image-5.4.0-153-generic-lpae - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-generic - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-24.28
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1009.9
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-24.28
linux-image-5.4.0-105-lowlatency - 5.4.0-24.28
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1009.9
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1007.7
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1008.8
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-04-09
2020-04-09
CVE-2020-11668
CVE-2020-12114 on Ubuntu 20.04 LTS (focal) - medium.
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-12114` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-37.41
linux-image-5.4.0-153-generic-lpae - 5.4.0-37.41
linux-image-unsigned-5.4.0-153-generic - 5.4.0-37.41
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-37.41
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1016.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1012.12
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-27.31
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-37.41
linux-image-5.4.0-105-lowlatency - 5.4.0-37.41
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1016.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1015.15
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1011.11
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1015.15
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-05-04
2020-05-04
Piotr Krysiuk
CVE-2020-12114
CVE-2020-12351 on Ubuntu 20.04 LTS (focal) - high.
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-12351` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-52.57
linux-image-5.4.0-153-generic-lpae - 5.4.0-52.57
linux-image-unsigned-5.4.0-153-generic - 5.4.0-52.57
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-52.57
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-25.26~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-25.26~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-25.26~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-25.26~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-25.26~20.04.1
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1032.33
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1022.25
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-37.42
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-52.57
linux-image-5.4.0-105-lowlatency - 5.4.0-52.57
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-25.26~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-25.26~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-25.26~20.04.1
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1032.33
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2020 Canonical Ltd.
2020-10-14
2020-10-14
Andy Nguyen
CVE-2020-12351
sbeattie> introduced in 4.8 cycle
CVE-2020-12352 on Ubuntu 20.04 LTS (focal) - medium.
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-12352` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-52.57
linux-image-5.4.0-153-generic-lpae - 5.4.0-52.57
linux-image-unsigned-5.4.0-153-generic - 5.4.0-52.57
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-52.57
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-25.26~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-25.26~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-25.26~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-25.26~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-25.26~20.04.1
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1032.33
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1022.25
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-37.42
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-52.57
linux-image-5.4.0-105-lowlatency - 5.4.0-52.57
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-25.26~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-25.26~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-25.26~20.04.1
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1032.33
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-10-14
2020-10-14
Andy Nguyen
CVE-2020-12352
sbeattie> introduced in 3.6
CVE-2020-12464 on Ubuntu 20.04 LTS (focal) - medium.
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. It was discovered that the USB subsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-12464` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-37.41
linux-image-5.4.0-153-generic-lpae - 5.4.0-37.41
linux-image-unsigned-5.4.0-153-generic - 5.4.0-37.41
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-37.41
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1016.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1010.10
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1012.12
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-27.31
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-37.41
linux-image-5.4.0-105-lowlatency - 5.4.0-37.41
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1016.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1015.15
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1010.10
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1015.15
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-04-29
2020-04-29
CVE-2020-12464
CVE-2020-12465 on Ubuntu 20.04 LTS (focal) - medium.
An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.
Update Instructions:
Run `sudo pro fix CVE-2020-12465` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-21.25
linux-image-5.4.0-153-generic-lpae - 5.4.0-21.25
linux-image-unsigned-5.4.0-153-generic - 5.4.0-21.25
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-21.25
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-21.25
linux-image-5.4.0-105-lowlatency - 5.4.0-21.25
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1006.6
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1007.7
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-04-29
CVE-2020-12465
CVE-2020-12652 on Ubuntu 20.04 LTS (focal) - low.
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power."
Update Instructions:
Run `sudo pro fix CVE-2020-12652` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-05-05
CVE-2020-12652
CVE-2020-12653 on Ubuntu 20.04 LTS (focal) - medium.
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
Update Instructions:
Run `sudo pro fix CVE-2020-12653` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-05-05
CVE-2020-12653
CVE-2020-12654 on Ubuntu 20.04 LTS (focal) - high.
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution.
Update Instructions:
Run `sudo pro fix CVE-2020-12654` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2020 Canonical Ltd.
2020-05-05
2020-05-05
CVE-2020-12654
CVE-2020-12655 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. It was discovered that the XFS file system implementation in the Linux kernel did not properly validate metadata in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-12655` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-05-05
2020-05-05
CVE-2020-12655
CVE-2020-12656 on Ubuntu 20.04 LTS (focal) - negligible.
** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug. It was discovered that the Kerberos SUNRPC GSS implementation in the Linux kernel did not properly deallocate memory on module unload. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2020-12656` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2020 Canonical Ltd.
2020-05-05
2020-05-05
CVE-2020-12656
sbeattie> upstream generally treats module unload as an unsafe operation, which may explain a lack of progress in addressing the issue.
CVE-2020-12657 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. It was discovered that the block layer in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-12657` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-31.35
linux-image-5.4.0-153-generic-lpae - 5.4.0-31.35
linux-image-unsigned-5.4.0-153-generic - 5.4.0-31.35
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-31.35
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1012.12
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1010.10
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-26.30
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-31.35
linux-image-5.4.0-105-lowlatency - 5.4.0-31.35
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1012.12
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1011.11
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1010.10
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1011.11
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-05-05
2020-05-05
CVE-2020-12657
CVE-2020-12659 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. Bui Quang Minh discovered that the XDP socket implementation in the Linux kernel did not properly validate meta-data passed from user space, leading to an out-of-bounds write vulnerability. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-12659` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-37.41
linux-image-5.4.0-153-generic-lpae - 5.4.0-37.41
linux-image-unsigned-5.4.0-153-generic - 5.4.0-37.41
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-37.41
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1016.16
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1015.15
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1010.10
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1012.12
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-27.31
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-37.41
linux-image-5.4.0-105-lowlatency - 5.4.0-37.41
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1016.16
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1015.15
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1010.10
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1015.15
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-05-05
2020-05-05
Bui Quang Minh
CVE-2020-12659
CVE-2020-12768 on Ubuntu 20.04 LTS (focal) - negligible.
** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will. It was discovered that the KVM implementation in the Linux kernel did not properly deallocate memory on initialization for some processors. A local attacker could possibly use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-12768` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-40.44
linux-image-5.4.0-153-generic-lpae - 5.4.0-40.44
linux-image-unsigned-5.4.0-153-generic - 5.4.0-40.44
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-40.44
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1018.18
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1019.19
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1018.18
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1019.19
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1013.13
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-28.32
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-40.44
linux-image-5.4.0-105-lowlatency - 5.4.0-40.44
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1018.18
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1020.20
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1019.19
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1018.18
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1019.19
No subscription required
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2020 Canonical Ltd.
2020-05-09
2020-05-09
CVE-2020-12768
CVE-2020-12769 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. It was discovered that the DesignWare SPI controller driver in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-12769` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-05-09
2020-05-09
CVE-2020-12769
CVE-2020-12770 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions. A local privileged attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-12770` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-40.44
linux-image-5.4.0-153-generic-lpae - 5.4.0-40.44
linux-image-unsigned-5.4.0-153-generic - 5.4.0-40.44
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-40.44
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1018.18
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1019.19
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1018.18
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1019.19
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1013.13
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-28.32
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-40.44
linux-image-5.4.0-105-lowlatency - 5.4.0-40.44
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1018.18
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1020.20
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1019.19
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1018.18
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1011.11
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1019.19
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-05-09
2020-05-09
CVE-2020-12770
CVE-2020-12771 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-12771` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-05-09
2020-05-09
CVE-2020-12771
CVE-2020-12826 on Ubuntu 20.04 LTS (focal) - medium.
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. It was discovered that the exit signaling implementation in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (arbitrary application crash).
Update Instructions:
Run `sudo pro fix CVE-2020-12826` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-31.35
linux-image-5.4.0-153-generic-lpae - 5.4.0-31.35
linux-image-unsigned-5.4.0-153-generic - 5.4.0-31.35
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-31.35
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1012.12
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1011.11
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1010.10
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-26.30
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-31.35
linux-image-5.4.0-105-lowlatency - 5.4.0-31.35
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1012.12
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1011.11
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1011.11
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1010.10
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1011.11
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-05-12
2020-05-12
CVE-2020-12826
CVE-2020-12912 on Ubuntu 20.04 LTS (focal) - low.
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. It was discovered that the AMD Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-12912` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-34.37~20.04.2
linux-image-5.8.0-63-generic-lpae - 5.8.0-34.37~20.04.2
linux-image-unsigned-5.8.0-63-generic - 5.8.0-34.37~20.04.2
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-34.37~20.04.2
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-34.37~20.04.2
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-34.37~20.04.2
linux-image-5.8.0-63-generic-64k - 5.8.0-34.37~20.04.2
linux-image-5.8.0-63-lowlatency - 5.8.0-34.37~20.04.2
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-11-12
2020-11-12
CVE-2020-12912
CVE-2020-13143 on Ubuntu 20.04 LTS (focal) - low.
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-13143` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-40.44
linux-image-5.4.0-153-generic-lpae - 5.4.0-40.44
linux-image-unsigned-5.4.0-153-generic - 5.4.0-40.44
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-40.44
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1018.18
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1019.19
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1018.18
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1019.19
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1013.13
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-28.32
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-40.44
linux-image-5.4.0-105-lowlatency - 5.4.0-40.44
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1018.18
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1020.20
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1019.19
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1018.18
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1011.11
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1019.19
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-05-18
2020-05-18
CVE-2020-13143
CVE-2020-13253 on Ubuntu 20.04 LTS (focal) - low.
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
Update Instructions:
Run `sudo pro fix CVE-2020-13253` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.4
qemu-block-extra - 1:4.2-3ubuntu6.4
qemu-guest-agent - 1:4.2-3ubuntu6.4
qemu-kvm - 1:4.2-3ubuntu6.4
qemu-system - 1:4.2-3ubuntu6.4
qemu-system-arm - 1:4.2-3ubuntu6.4
qemu-system-common - 1:4.2-3ubuntu6.4
qemu-system-data - 1:4.2-3ubuntu6.4
qemu-system-gui - 1:4.2-3ubuntu6.4
qemu-system-mips - 1:4.2-3ubuntu6.4
qemu-system-misc - 1:4.2-3ubuntu6.4
qemu-system-ppc - 1:4.2-3ubuntu6.4
qemu-system-s390x - 1:4.2-3ubuntu6.4
qemu-system-sparc - 1:4.2-3ubuntu6.4
qemu-system-x86 - 1:4.2-3ubuntu6.4
qemu-system-x86-microvm - 1:4.2-3ubuntu6.4
qemu-system-x86-xen - 1:4.2-3ubuntu6.4
qemu-user - 1:4.2-3ubuntu6.4
qemu-user-binfmt - 1:4.2-3ubuntu6.4
qemu-user-static - 1:4.2-3ubuntu6.4
qemu-utils - 1:4.2-3ubuntu6.4
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-05-27
2020-05-27
mdeslaur
https://bugs.launchpad.net/qemu/+bug/1880822
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961297
CVE-2020-13253
CVE-2020-13974 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact.
Update Instructions:
Run `sudo pro fix CVE-2020-13974` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1018.18
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1018.18
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-06-09
2020-06-09
FuzzUSB, syzkaller
CVE-2020-13974
sbeattie> reproducer in lore.kernel.org link
CVE-2020-14305 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on IPv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Update Instructions:
Run `sudo pro fix CVE-2020-14305` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-12-02
CVE-2020-14305
sbeattie> fixed in 4.11 and newer with 9f0f3ebeda47a5518817f33c40f6d3ea9c0275b8
CVE-2020-14331 on Ubuntu 20.04 LTS (focal) - negligible.
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2020 Canonical Ltd.
2020-09-15
Yunhai Zhang
CVE-2020-14331
alexmurray> CONFIG_VGACON_SOFT_SCROLLBACK is required to be enabled for this to be exploitable. This config option is disabled in Ubuntu kernel configs.
CVE-2020-14356 on Ubuntu 20.04 LTS (focal) - medium.
A NULL pointer dereference flaw was found in the Linux kernel cgroupv2 subsystem in versions before 5.7.10, in the way the system is rebooted. A local user could use this flaw to crash the system or escalate their privileges on the system. It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges.
Update Instructions:
Run `sudo pro fix CVE-2020-14356` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1021.21
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1021.21
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-08-19
2020-08-19
https://bugzilla.redhat.com/show_bug.cgi?id=1868453
CVE-2020-14356
sbeattie> commit 1bfba2f4270c64c912 is in the linux-stable tree hash
CVE-2020-14364 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
Update Instructions:
Run `sudo pro fix CVE-2020-14364` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.6
qemu-block-extra - 1:4.2-3ubuntu6.6
qemu-guest-agent - 1:4.2-3ubuntu6.6
qemu-kvm - 1:4.2-3ubuntu6.6
qemu-system - 1:4.2-3ubuntu6.6
qemu-system-arm - 1:4.2-3ubuntu6.6
qemu-system-common - 1:4.2-3ubuntu6.6
qemu-system-data - 1:4.2-3ubuntu6.6
qemu-system-gui - 1:4.2-3ubuntu6.6
qemu-system-mips - 1:4.2-3ubuntu6.6
qemu-system-misc - 1:4.2-3ubuntu6.6
qemu-system-ppc - 1:4.2-3ubuntu6.6
qemu-system-s390x - 1:4.2-3ubuntu6.6
qemu-system-sparc - 1:4.2-3ubuntu6.6
qemu-system-x86 - 1:4.2-3ubuntu6.6
qemu-system-x86-microvm - 1:4.2-3ubuntu6.6
qemu-system-x86-xen - 1:4.2-3ubuntu6.6
qemu-user - 1:4.2-3ubuntu6.6
qemu-user-binfmt - 1:4.2-3ubuntu6.6
qemu-user-static - 1:4.2-3ubuntu6.6
qemu-utils - 1:4.2-3ubuntu6.6
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-08-24
2020-08-24
mdeslaur
Ziming Zhang, Xiao Wei, Gonglei Arei and Yanyu Zhang
2020-08-24
CVE-2020-14364
CVE-2020-14386 on Ubuntu 20.04 LTS (focal) - high.
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-14386` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-47.51
linux-image-5.4.0-153-generic-lpae - 5.4.0-47.51
linux-image-unsigned-5.4.0-153-generic - 5.4.0-47.51
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-47.51
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1024.24
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1025.25
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1024.24
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1026.26
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1024.24
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1018.20
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-33.37
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-47.51
linux-image-5.4.0-105-lowlatency - 5.4.0-47.51
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1024.24
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1025.25
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1024.24
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1023.23
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1026.26
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1024.24
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2020 Canonical Ltd.
2020-09-04
2020-09-04
Or Cohen
CVE-2020-14386
sbeattie> requires CAP_NET_RAW
cascardo> Added break as investigated by Solar Designer.
sbeattie> older backports without 8e8e2951e309 will need second lore.kernel.org variant
CVE-2020-14416 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.
Update Instructions:
Run `sudo pro fix CVE-2020-14416` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-06-18
CVE-2020-14416
CVE-2020-15393 on Ubuntu 20.04 LTS (focal) - low.
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion).
Update Instructions:
Run `sudo pro fix CVE-2020-15393` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-06-29
2020-06-29
Kyungtae Kim
CVE-2020-15393
CVE-2020-15436 on Ubuntu 20.04 LTS (focal) - medium.
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. It was discovered that the block layer implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-15436` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-23
2020-11-23
CVE-2020-15436
CVE-2020-15780 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel.
Update Instructions:
Run `sudo pro fix CVE-2020-15780` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-42.46
linux-image-5.4.0-153-generic-lpae - 5.4.0-42.46
linux-image-unsigned-5.4.0-153-generic - 5.4.0-42.46
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-42.46
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1021.21
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1015.15
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-30.34
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-42.46
linux-image-5.4.0-105-lowlatency - 5.4.0-42.46
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1020.20
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1021.21
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1020.20
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1021.21
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-07-15
2020-07-15
Jason A. Donenfeld
CVE-2020-15780
sbeattie> acpi configfs interface added in 4.8/
CVE-2020-16119 on Ubuntu 20.04 LTS (focal) - high.
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-16119` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-51.56
linux-image-5.4.0-153-generic-lpae - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-generic - 5.4.0-51.56
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-51.56
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1026.27
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1028.29
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1021.24
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-36.41
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-51.56
linux-image-5.4.0-105-lowlatency - 5.4.0-51.56
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1028.29
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1031.32
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1028.29
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1026.27
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1028.29
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2020 Canonical Ltd.
2020-10-13
2020-10-13
cascardo
Hadar Manor
2020-10-13
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883840
CVE-2020-16119
sbeattie> patch applied to the ubuntu-kernels was NACKed by upstream. The subsequent revision submitted upstream still needs rework and has not been accepted as of 2021-01-13.
CVE-2020-1749 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel does not correctly route tunneled data over the encrypted link and instead sends the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. Xiumei Mu discovered that the IPsec implementation in the Linux kernel did not properly encrypt IPv6 traffic in some situations. An attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-1749` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-03-04
2020-03-04
Xiumei Mu
CVE-2020-1749
CVE-2020-1751 on Ubuntu 20.04 LTS (focal) - medium.
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
Update Instructions:
Run `sudo pro fix CVE-2020-1751` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9
libc-bin - 2.31-0ubuntu9
libc6 - 2.31-0ubuntu9
libc6-amd64 - 2.31-0ubuntu9
libc6-armel - 2.31-0ubuntu9
libc6-i386 - 2.31-0ubuntu9
libc6-lse - 2.31-0ubuntu9
libc6-pic - 2.31-0ubuntu9
libc6-prof - 2.31-0ubuntu9
libc6-s390 - 2.31-0ubuntu9
libc6-x32 - 2.31-0ubuntu9
locales - 2.31-0ubuntu9
locales-all - 2.31-0ubuntu9
nscd - 2.31-0ubuntu9
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-04-17
2020-04-17
https://sourceware.org/bugzilla/show_bug.cgi?id=25423
CVE-2020-1751
leosilva> -esm releases only support amd64 arch
mdeslaur> introduced in https://sourceware.org/git/?p=glibc.git;a=commit;h=d400dcac5e
CVE-2020-1967 on Ubuntu 20.04 LTS (focal) - high.
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
Update Instructions:
Run `sudo pro fix CVE-2020-1967` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2
openssl - 1.1.1f-1ubuntu2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2020 Canonical Ltd.
2020-04-21
mdeslaur
Bernd Edlinger
2020-04-21
CVE-2020-1967
mdeslaur> introduced in 1.1.1d
CVE-2020-1971 on Ubuntu 20.04 LTS (focal) - high.
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate; 2) when verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token). If an attacker can control both items being compared then that attacker could trigger a crash. For example, if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However, it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
Update Instructions:
Run `sudo pro fix CVE-2020-1971` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.1
openssl - 1.1.1f-1ubuntu2.1
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2020 Canonical Ltd.
2020-12-08
2020-12-08
David Benjamin
2020-12-08
CVE-2020-1971
mdeslaur> edk2 doesn't use the OpenSSL GENERAL_NAME_cmp function, so it is not vulnerable to this issue.
CVE-2020-24394 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. It was discovered that the NFS server implementation in the Linux kernel did not properly honor umask settings when setting permissions while creating file system objects if the underlying file system did not support ACLs. An attacker could possibly use this to expose sensitive information or violate system integrity.
Update Instructions:
Run `sudo pro fix CVE-2020-24394` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1031.32
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-08-19
2020-08-19
CVE-2020-24394
CVE-2020-24490 on Ubuntu 20.04 LTS (focal) - medium.
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-24490` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-48.52
linux-image-5.4.0-153-generic-lpae - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-generic - 5.4.0-48.52
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-48.52
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1019.21
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-34.38
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-48.52
linux-image-5.4.0-105-lowlatency - 5.4.0-48.52
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-10-14
2020-10-14
Andy Nguyen
CVE-2020-24490
sbeattie> This issue affected kernels 4.18 and later; as such Ubuntu 20.04's 5.4 kernel was fixed around 2020/09/21, before the advisory was issued. It is asserted that b2cc9761f144e8ef714be8c590603073b80ddc13 made the vulnerability accessible.
sbeattie> it's not clear if https://lore.kernel.org/linux-bluetooth/20201016180956.707681-1-luiz.dentz@gmail.com/ is needed as well.
CVE-2020-25220 on Ubuntu 20.04 LTS (focal) - medium.
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.
Update Instructions:
Run `sudo pro fix CVE-2020-25220` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-09-10
CVE-2020-25220
CVE-2020-25661 on Ubuntu 20.04 LTS (focal) - negligible.
A Red Hat-only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2020 Canonical Ltd.
2020-11-05
CVE-2020-25661
CVE-2020-25662 on Ubuntu 20.04 LTS (focal) - negligible.
A Red Hat-only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.
Ubuntu 20.04 LTS
Negligible
Copyright (C) 2020 Canonical Ltd.
2020-11-05
CVE-2020-25662
CVE-2020-27068 on Ubuntu 20.04 LTS (focal) - medium.
Product: Android. Versions: Android kernel. Android ID: A-127973231. References: Upstream kernel.
Update Instructions:
Run `sudo pro fix CVE-2020-27068` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-12-15
CVE-2020-27068
CVE-2020-27152 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9. It was discovered that the KVM hypervisor in the Linux kernel did not properly handle interrupts in certain situations. A local attacker in a guest VM could possibly use this to cause a denial of service (host system crash).
Update Instructions:
Run `sudo pro fix CVE-2020-27152` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-06
2020-11-06
CVE-2020-27152
CVE-2020-2732 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-2732` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-02-24
2020-02-24
Paulo Bonzini
2020-02-24
https://bugzilla.redhat.com/show_bug.cgi?id=1805135
CVE-2020-2732
sbeattie> only systems running Intel processors are affected.
CVE-2020-27777 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the way RTAS handled memory accesses in userspace-to-kernel communication. On a locked-down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform), a root-like local user could use this flaw to further increase their privileges to that of a running kernel. Daniel Axtens discovered that the PowerPC RTAS implementation in the Linux kernel did not properly restrict memory accesses in some situations. A privileged local attacker could use this to arbitrarily modify kernel memory, potentially bypassing kernel lockdown restrictions.
Update Instructions:
Run `sudo pro fix CVE-2020-27777` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-59.65
linux-image-5.4.0-153-generic-lpae - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-generic - 5.4.0-59.65
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-59.65
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-59.65
linux-image-5.4.0-105-lowlatency - 5.4.0-59.65
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-44.50~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-44.50~20.04.1
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-12-15
2020-12-15
Daniel Axtens
CVE-2020-27777
sbeattie> fix needs typo correction from lkml link in refs
CVE-2020-27786 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to MIDI devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allows for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Update Instructions:
Run `sudo pro fix CVE-2020-27786` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-40.44
linux-image-5.4.0-153-generic-lpae - 5.4.0-40.44
linux-image-unsigned-5.4.0-153-generic - 5.4.0-40.44
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-40.44
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1018.18
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1019.19
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1018.18
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1011.11
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1019.19
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1013.13
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-28.32
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-40.44
linux-image-5.4.0-105-lowlatency - 5.4.0-40.44
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1018.18
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1020.20
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1019.19
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1018.18
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1011.11
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1019.19
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-12-11
cascardo
ADLab of venustech
CVE-2020-27786
cascardo> commit 39675f7a7c7e7702f7d5341f1e0d01db746543a0 would be a pre-req.
CVE-2020-27825 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free flaw was found in kernel/trace/ring_buffer.c in the Linux kernel (before 5.10-rc1). A race between trace_open and a resize of the CPU buffer running in parallel on different CPUs may cause a denial of service (DoS). This flaw could even allow a local attacker with special user privilege to cause a kernel information leak.
Update Instructions:
Run `sudo pro fix CVE-2020-27825` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-12-11
Adam Zabrocki
CVE-2020-27825
CVE-2020-28374 on Ubuntu 20.04 LTS (focal) - high.
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.
Update Instructions:
Run `sudo pro fix CVE-2020-28374` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-62.70
linux-image-5.4.0-153-generic-lpae - 5.4.0-62.70
linux-image-unsigned-5.4.0-153-generic - 5.4.0-62.70
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-62.70
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1037.39
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1039.41
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1036.39
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1009.10
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-38.43~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-38.43~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-38.43~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-38.43~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-38.43~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1014.15
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1047.51
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1037.40
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1028.31
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-62.70
linux-image-5.4.0-105-lowlatency - 5.4.0-62.70
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1037.39
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1039.41
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1036.39
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1009.10
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-38.43~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-38.43~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-38.43~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1032.33
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1014.15
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1047.51
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1037.40
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-01-12
2021-01-12
CVE-2020-28374
sbeattie> MITIGATION XCOPY support is enabled by default, but can be disabled via: echo 0 > /sys/kernel/config/target/core/<backstore>/<name>/attrib/emulate_3pc or targetcli /backstores/<backstore>/<name> set attribute emulate_3pc=0 . This workaround does *not* affect XCOPY requests sent to tcmu-runner based backstores.
CVE-2020-28916 on Ubuntu 20.04 LTS (focal) - medium.
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
Update Instructions:
Run `sudo pro fix CVE-2020-28916` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.12
qemu-block-extra - 1:4.2-3ubuntu6.12
qemu-guest-agent - 1:4.2-3ubuntu6.12
qemu-kvm - 1:4.2-3ubuntu6.12
qemu-system - 1:4.2-3ubuntu6.12
qemu-system-arm - 1:4.2-3ubuntu6.12
qemu-system-common - 1:4.2-3ubuntu6.12
qemu-system-data - 1:4.2-3ubuntu6.12
qemu-system-gui - 1:4.2-3ubuntu6.12
qemu-system-mips - 1:4.2-3ubuntu6.12
qemu-system-misc - 1:4.2-3ubuntu6.12
qemu-system-ppc - 1:4.2-3ubuntu6.12
qemu-system-s390x - 1:4.2-3ubuntu6.12
qemu-system-sparc - 1:4.2-3ubuntu6.12
qemu-system-x86 - 1:4.2-3ubuntu6.12
qemu-system-x86-microvm - 1:4.2-3ubuntu6.12
qemu-system-x86-xen - 1:4.2-3ubuntu6.12
qemu-user - 1:4.2-3ubuntu6.12
qemu-user-binfmt - 1:4.2-3ubuntu6.12
qemu-user-static - 1:4.2-3ubuntu6.12
qemu-utils - 1:4.2-3ubuntu6.12
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-12-04
2020-12-04
Cheol-woo Myung
CVE-2020-28916
CVE-2020-29368 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. Jann Horn discovered a race condition in the copy-on-write implementation in the Linux kernel when handling hugepages. A local attacker could use this to gain unintended write access to read-only memory pages.
Update Instructions:
Run `sudo pro fix CVE-2020-29368` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1048.52
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-28
2020-11-28
Jann Horn
CVE-2020-29368
CVE-2020-29370 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
Update Instructions:
Run `sudo pro fix CVE-2020-29370` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-24.28
linux-image-5.4.0-153-generic-lpae - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-generic - 5.4.0-24.28
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-24.28
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1009.9
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-24.28
linux-image-5.4.0-105-lowlatency - 5.4.0-24.28
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1009.9
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1007.7
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1008.8
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-28
CVE-2020-29370
CVE-2020-29374 on Ubuntu 20.04 LTS (focal) - medium.
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages.
Update Instructions:
Run `sudo pro fix CVE-2020-29374` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-31.35
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1020.20
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-28
2020-11-28
CVE-2020-29374
CVE-2020-29562 on Ubuntu 20.04 LTS (focal) - low.
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-29562` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
glibc-source - 2.31-0ubuntu9.7
libc-bin - 2.31-0ubuntu9.7
libc6 - 2.31-0ubuntu9.7
libc6-amd64 - 2.31-0ubuntu9.7
libc6-armel - 2.31-0ubuntu9.7
libc6-i386 - 2.31-0ubuntu9.7
libc6-lse - 2.31-0ubuntu9.7
libc6-pic - 2.31-0ubuntu9.7
libc6-prof - 2.31-0ubuntu9.7
libc6-s390 - 2.31-0ubuntu9.7
libc6-x32 - 2.31-0ubuntu9.7
locales - 2.31-0ubuntu9.7
locales-all - 2.31-0ubuntu9.7
nscd - 2.31-0ubuntu9.7
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-12-04
2020-12-04
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976391
CVE-2020-29562
mdeslaur> while bug reports indicate this was introduced in 2.30, there actually is a commit in 2.27 to fix the issue.
CVE-2020-35513 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the Linux kernel NFS (network file system) functionality: an incorrect umask is applied during file or directory modification when a user creates and deletes objects using NFSv4.2 or newer while another process that is not using NFSv4.2 is simultaneously accessing the NFS. A user with access to the NFS could use this flaw to starve resources, causing a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2020-35513` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-01-26
Lucash Stach
https://bugzilla.redhat.com/show_bug.cgi?id=1911309
CVE-2020-35513
CVE-2020-4788 on Ubuntu 20.04 LTS (focal) - medium.
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-4788` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-56.62
linux-image-5.4.0-153-generic-lpae - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-generic - 5.4.0-56.62
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-56.62
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1032.33
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1034.35
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1032.34
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1028.29
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1032.34
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-56.62
linux-image-5.4.0-105-lowlatency - 5.4.0-56.62
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1032.33
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1034.35
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1032.34
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-31.33~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-31.33~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1028.29
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1032.34
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-19
2020-11-19
2020-11-19
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1899573
CVE-2020-4788
sbeattie> Power9 support landed in ~4.9 timeframe
CVE-2020-7053 on Ubuntu 20.04 LTS (focal) - medium.
In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix CVE-2020-7053` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1006-raspi2 - 5.4.0-1004.4
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.4.0-1002.4
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-01-14
2020-01-14
Quan Luo and ycq
2020-01-14
https://bugs.launchpad.net/bugs/1859522
CVE-2020-7053
tyhicks> This issue only affects systems with Intel Graphics Processing Units (GPUs)
CVE-2020-8428 on Ubuntu 20.04 LTS (focal) - medium.
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed. Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).
Update Instructions:
Run `sudo pro fix CVE-2020-8428` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-01-29
2020-01-29
Al Viro
CVE-2020-8428
alexmurray> Original fix caused a regression so need second commit as well
CVE-2020-8647 on Ubuntu 20.04 LTS (focal) - medium.
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. It was discovered that the virtual terminal implementation in the Linux kernel did not properly handle resize events. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-8647` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-21.25
linux-image-5.4.0-153-generic-lpae - 5.4.0-21.25
linux-image-unsigned-5.4.0-153-generic - 5.4.0-21.25
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-21.25
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-21.25
linux-image-5.4.0-105-lowlatency - 5.4.0-21.25
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1006.6
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1007.7
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-02-06
CVE-2020-8647
CVE-2020-8648 on Ubuntu 20.04 LTS (focal) - medium.
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-8648` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-21.25
linux-image-5.4.0-153-generic-lpae - 5.4.0-21.25
linux-image-unsigned-5.4.0-153-generic - 5.4.0-21.25
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-21.25
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-21.25
linux-image-5.4.0-105-lowlatency - 5.4.0-21.25
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1006.6
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1007.7
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-02-06
2020-02-06
CVE-2020-8648
cascardo> This looks like a race between set_selection_kernel and paste_selection that may lead to data leak.
CVE-2020-8649 on Ubuntu 20.04 LTS (focal) - medium.
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. It was discovered that the virtual terminal implementation in the Linux kernel did not properly handle resize events. A local attacker could use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-8649` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-21.25
linux-image-5.4.0-153-generic-lpae - 5.4.0-21.25
linux-image-unsigned-5.4.0-153-generic - 5.4.0-21.25
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-21.25
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-21.25
linux-image-5.4.0-105-lowlatency - 5.4.0-21.25
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1006.6
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1007.7
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-02-06
CVE-2020-8649
CVE-2020-8694 on Ubuntu 20.04 LTS (focal) - medium.
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-8694` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-53.59
linux-image-5.4.0-153-generic-lpae - 5.4.0-53.59
linux-image-unsigned-5.4.0-153-generic - 5.4.0-53.59
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-53.59
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1029.31
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-28.30~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-28.30~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-28.30~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-28.30~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-28.30~20.04.1
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1033.35
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1029.31
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-53.59
linux-image-5.4.0-105-lowlatency - 5.4.0-53.59
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1029.31
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-28.30~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-28.30~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-28.30~20.04.1
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1033.35
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1029.31
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2020 Canonical Ltd.
2020-11-10
2020-11-10
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss
2020-11-10
CVE-2020-8694
sbeattie> fix will be to adjust the access control bits on the RAPL sysfs files.
CVE-2020-8835 on Ubuntu 20.04 LTS (focal) - high.
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) Manfred Paul discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information (kernel memory) or gain administrative privileges.
Update Instructions:
Run `sudo pro fix CVE-2020-8835` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-21.25
linux-image-5.4.0-153-generic-lpae - 5.4.0-21.25
linux-image-unsigned-5.4.0-153-generic - 5.4.0-21.25
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-21.25
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1008.8
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-21.25
linux-image-5.4.0-105-lowlatency - 5.4.0-21.25
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1008.8
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1006.6
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1007.7
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2020 Canonical Ltd.
2020-03-30
2020-03-30
kernel-sec
Manfred Paul
2020-03-30
CVE-2020-8835
sbeattie> introduced by upstream commit 581738a681b6, which was mistakenly backported to upstream stable 5.4 kernel (b4de258dede528f88f401259aab3147fb6da1ddf). Ubuntu's 5.3 kernels are affected because 5.4 stable backport commits were pulled into Ubuntu's 5.3 kernels.
CVE-2020-8992 on Ubuntu 20.04 LTS (focal) - low.
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup).
Update Instructions:
Run `sudo pro fix CVE-2020-8992` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-02-14
2020-02-14
Shijie Luo
CVE-2020-8992
CVE-2020-9383 on Ubuntu 20.04 LTS (focal) - low.
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information.
Update Instructions:
Run `sudo pro fix CVE-2020-9383` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-18.22
linux-image-5.4.0-153-generic-lpae - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-generic - 5.4.0-18.22
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-18.22
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-40-generic - 5.4.0-24.28
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-18.22
linux-image-5.4.0-105-lowlatency - 5.4.0-18.22
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2020 Canonical Ltd.
2020-02-25
2020-02-25
Jordy Zomer
CVE-2020-9383
CVE-2021-0342 on Ubuntu 20.04 LTS (focal) - medium.
In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327.
Update Instructions:
Run `sudo pro fix CVE-2021-0342` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-45.49
linux-image-5.4.0-153-generic-lpae - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-generic - 5.4.0-45.49
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-45.49
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1022.22
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1023.23
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1021.21
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1020.20
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1016.17
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-45.49
linux-image-5.4.0-105-lowlatency - 5.4.0-45.49
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1022.22
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1023.23
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1022.22
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1021.21
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1020.20
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1022.22
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-01-11
CVE-2021-0342
CVE-2021-20219 on Ubuntu 20.04 LTS (focal) - medium.
A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability.
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-23
Evgenii Shatokhin
CVE-2021-20219
sbeattie> Red Hat's backport of 3d63b7e4ae0d "n_tty: Fix stall at n_tty_receive_char_special()." was incomplete and could result in an infinite loop.
CVE-2021-20265 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.
Update Instructions:
Run `sudo pro fix CVE-2021-20265` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
linux-image-5.4.0-153-generic - 5.4.0-9.12
linux-image-5.4.0-153-generic-lpae - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-generic - 5.4.0-9.12
linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-9.12
No subscription required
linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1006.6
No subscription required
linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1005.5
No subscription required
linux-image-unsigned-5.4.0-1072-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-lpae - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-unsigned-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-unsigned-5.4.0-1094-kvm - 5.4.0-1004.4
No subscription required
linux-image-unsigned-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-unsigned-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1089-raspi - 5.4.0-1007.7
No subscription required
linux-image-5.4.0-105-generic - 5.4.0-9.12
linux-image-5.4.0-105-lowlatency - 5.4.0-9.12
No subscription required
linux-image-5.4.0-1069-aws - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1073-azure - 5.4.0-1006.6
No subscription required
linux-image-5.4.0-1068-gcp - 5.4.0-1005.5
No subscription required
linux-image-5.4.0-1037-gkeop - 5.4.0-1008.9
No subscription required
linux-image-5.8.0-63-generic - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-generic-64k - 5.8.0-23.24~20.04.1
linux-image-5.8.0-63-lowlatency - 5.8.0-23.24~20.04.1
No subscription required
linux-image-5.4.0-1059-kvm - 5.4.0-1004.4
No subscription required
linux-image-5.10.0-1057-oem - 5.10.0-1008.9
No subscription required
linux-image-5.6.0-1056-oem - 5.6.0-1007.7
No subscription required
linux-image-5.4.0-1067-oracle - 5.4.0-1005.5
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-03-10
CVE-2021-20265
CVE-2021-23841 on Ubuntu 20.04 LTS (focal) - medium.
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
Update Instructions:
Run `sudo pro fix CVE-2021-23841` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
ovmf - 0~20191122.bd85bf54-2ubuntu3.1
qemu-efi - 0~20191122.bd85bf54-2ubuntu3.1
qemu-efi-aarch64 - 0~20191122.bd85bf54-2ubuntu3.1
qemu-efi-arm - 0~20191122.bd85bf54-2ubuntu3.1
No subscription required
libssl1.1 - 1.1.1f-1ubuntu2.2
openssl - 1.1.1f-1ubuntu2.2
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-02-16
2021-02-16
Tavis Ormandy
CVE-2021-23841
mdeslaur> edk2 doesn't use the affected function
CVE-2021-33574 on Ubuntu 20.04 LTS (focal) - low.
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-05-25
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989147
CVE-2021-33574
sbeattie> see https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c4 for a discussion on what pre-requisites are needed for an attack based on this vulnerability. affects more than just 2.32 and 2.33
mdeslaur> upstream fix introduced CVE-2021-38604, if this CVE is fixed, the other needs to be fixed also. Fixing this CVE would require introducing new symbols which will likely cause regressions for running systems. We will not be fixing this CVE in Ubuntu stable releases. Marking as ignored.
CVE-2021-3450 on Ubuntu 20.04 LTS (focal) - high.
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
Update Instructions:
Run `sudo pro fix CVE-2021-3450` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
libssl1.1 - 1.1.1f-1ubuntu2.2
openssl - 1.1.1f-1ubuntu2.2
No subscription required
Ubuntu 20.04 LTS
High
Copyright (C) 2021 Canonical Ltd.
2021-03-25
mdeslaur
Xiang Ding
2021-03-25
CVE-2021-3450
mdeslaur> only affects 1.1.1h and later edk2 in Ubuntu contains an embedded OpenSSL earlier than 1.1.1h
CVE-2021-3582 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.
Update Instructions:
Run `sudo pro fix CVE-2021-3582` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.17
qemu-block-extra - 1:4.2-3ubuntu6.17
qemu-guest-agent - 1:4.2-3ubuntu6.17
qemu-kvm - 1:4.2-3ubuntu6.17
qemu-system - 1:4.2-3ubuntu6.17
qemu-system-arm - 1:4.2-3ubuntu6.17
qemu-system-common - 1:4.2-3ubuntu6.17
qemu-system-data - 1:4.2-3ubuntu6.17
qemu-system-gui - 1:4.2-3ubuntu6.17
qemu-system-mips - 1:4.2-3ubuntu6.17
qemu-system-misc - 1:4.2-3ubuntu6.17
qemu-system-ppc - 1:4.2-3ubuntu6.17
qemu-system-s390x - 1:4.2-3ubuntu6.17
qemu-system-sparc - 1:4.2-3ubuntu6.17
qemu-system-x86 - 1:4.2-3ubuntu6.17
qemu-system-x86-microvm - 1:4.2-3ubuntu6.17
qemu-system-x86-xen - 1:4.2-3ubuntu6.17
qemu-user - 1:4.2-3ubuntu6.17
qemu-user-binfmt - 1:4.2-3ubuntu6.17
qemu-user-static - 1:4.2-3ubuntu6.17
qemu-utils - 1:4.2-3ubuntu6.17
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-06-18
2021-06-18
CVE-2021-3582
CVE-2021-3607 on Ubuntu 20.04 LTS (focal) - low.
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Update Instructions:
Run `sudo pro fix CVE-2021-3607` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.17
qemu-block-extra - 1:4.2-3ubuntu6.17
qemu-guest-agent - 1:4.2-3ubuntu6.17
qemu-kvm - 1:4.2-3ubuntu6.17
qemu-system - 1:4.2-3ubuntu6.17
qemu-system-arm - 1:4.2-3ubuntu6.17
qemu-system-common - 1:4.2-3ubuntu6.17
qemu-system-data - 1:4.2-3ubuntu6.17
qemu-system-gui - 1:4.2-3ubuntu6.17
qemu-system-mips - 1:4.2-3ubuntu6.17
qemu-system-misc - 1:4.2-3ubuntu6.17
qemu-system-ppc - 1:4.2-3ubuntu6.17
qemu-system-s390x - 1:4.2-3ubuntu6.17
qemu-system-sparc - 1:4.2-3ubuntu6.17
qemu-system-x86 - 1:4.2-3ubuntu6.17
qemu-system-x86-microvm - 1:4.2-3ubuntu6.17
qemu-system-x86-xen - 1:4.2-3ubuntu6.17
qemu-user - 1:4.2-3ubuntu6.17
qemu-user-binfmt - 1:4.2-3ubuntu6.17
qemu-user-static - 1:4.2-3ubuntu6.17
qemu-utils - 1:4.2-3ubuntu6.17
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-06-18
2021-06-18
https://bugzilla.redhat.com/show_bug.cgi?id=1973349
CVE-2021-3607
CVE-2021-3608 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.
Update Instructions:
Run `sudo pro fix CVE-2021-3608` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.17
qemu-block-extra - 1:4.2-3ubuntu6.17
qemu-guest-agent - 1:4.2-3ubuntu6.17
qemu-kvm - 1:4.2-3ubuntu6.17
qemu-system - 1:4.2-3ubuntu6.17
qemu-system-arm - 1:4.2-3ubuntu6.17
qemu-system-common - 1:4.2-3ubuntu6.17
qemu-system-data - 1:4.2-3ubuntu6.17
qemu-system-gui - 1:4.2-3ubuntu6.17
qemu-system-mips - 1:4.2-3ubuntu6.17
qemu-system-misc - 1:4.2-3ubuntu6.17
qemu-system-ppc - 1:4.2-3ubuntu6.17
qemu-system-s390x - 1:4.2-3ubuntu6.17
qemu-system-sparc - 1:4.2-3ubuntu6.17
qemu-system-x86 - 1:4.2-3ubuntu6.17
qemu-system-x86-microvm - 1:4.2-3ubuntu6.17
qemu-system-x86-xen - 1:4.2-3ubuntu6.17
qemu-user - 1:4.2-3ubuntu6.17
qemu-user-binfmt - 1:4.2-3ubuntu6.17
qemu-user-static - 1:4.2-3ubuntu6.17
qemu-utils - 1:4.2-3ubuntu6.17
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-06-18
2021-06-18
https://bugzilla.redhat.com/show_bug.cgi?id=1973383
CVE-2021-3608
CVE-2021-3682 on Ubuntu 20.04 LTS (focal) - medium.
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
Update Instructions:
Run `sudo pro fix CVE-2021-3682` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.21
qemu-block-extra - 1:4.2-3ubuntu6.21
qemu-guest-agent - 1:4.2-3ubuntu6.21
qemu-kvm - 1:4.2-3ubuntu6.21
qemu-system - 1:4.2-3ubuntu6.21
qemu-system-arm - 1:4.2-3ubuntu6.21
qemu-system-common - 1:4.2-3ubuntu6.21
qemu-system-data - 1:4.2-3ubuntu6.21
qemu-system-gui - 1:4.2-3ubuntu6.21
qemu-system-mips - 1:4.2-3ubuntu6.21
qemu-system-misc - 1:4.2-3ubuntu6.21
qemu-system-ppc - 1:4.2-3ubuntu6.21
qemu-system-s390x - 1:4.2-3ubuntu6.21
qemu-system-sparc - 1:4.2-3ubuntu6.21
qemu-system-x86 - 1:4.2-3ubuntu6.21
qemu-system-x86-microvm - 1:4.2-3ubuntu6.21
qemu-system-x86-xen - 1:4.2-3ubuntu6.21
qemu-user - 1:4.2-3ubuntu6.21
qemu-user-binfmt - 1:4.2-3ubuntu6.21
qemu-user-static - 1:4.2-3ubuntu6.21
qemu-utils - 1:4.2-3ubuntu6.21
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-05
2021-08-05
0xnishit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991911
https://gitlab.com/qemu-project/qemu/-/issues/491
https://bugzilla.redhat.com/show_bug.cgi?id=1989651
CVE-2021-3682
CVE-2021-3713 on Ubuntu 20.04 LTS (focal) - low.
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.
Update Instructions:
Run `sudo pro fix CVE-2021-3713` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.17
qemu-block-extra - 1:4.2-3ubuntu6.17
qemu-guest-agent - 1:4.2-3ubuntu6.17
qemu-kvm - 1:4.2-3ubuntu6.17
qemu-system - 1:4.2-3ubuntu6.17
qemu-system-arm - 1:4.2-3ubuntu6.17
qemu-system-common - 1:4.2-3ubuntu6.17
qemu-system-data - 1:4.2-3ubuntu6.17
qemu-system-gui - 1:4.2-3ubuntu6.17
qemu-system-mips - 1:4.2-3ubuntu6.17
qemu-system-misc - 1:4.2-3ubuntu6.17
qemu-system-ppc - 1:4.2-3ubuntu6.17
qemu-system-s390x - 1:4.2-3ubuntu6.17
qemu-system-sparc - 1:4.2-3ubuntu6.17
qemu-system-x86 - 1:4.2-3ubuntu6.17
qemu-system-x86-microvm - 1:4.2-3ubuntu6.17
qemu-system-x86-xen - 1:4.2-3ubuntu6.17
qemu-user - 1:4.2-3ubuntu6.17
qemu-user-binfmt - 1:4.2-3ubuntu6.17
qemu-user-static - 1:4.2-3ubuntu6.17
qemu-utils - 1:4.2-3ubuntu6.17
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2021 Canonical Ltd.
2021-08-25
2021-08-25
https://bugzilla.redhat.com/show_bug.cgi?id=1994640
CVE-2021-3713
sbeattie> Red Hat claims UAS (usb attached scsi) device emulation is not supported by libvirt
mdeslaur> introduced in 1.5.0
CVE-2021-3748 on Ubuntu 20.04 LTS (focal) - medium.
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
Update Instructions:
Run `sudo pro fix CVE-2021-3748` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.21
qemu-block-extra - 1:4.2-3ubuntu6.21
qemu-guest-agent - 1:4.2-3ubuntu6.21
qemu-kvm - 1:4.2-3ubuntu6.21
qemu-system - 1:4.2-3ubuntu6.21
qemu-system-arm - 1:4.2-3ubuntu6.21
qemu-system-common - 1:4.2-3ubuntu6.21
qemu-system-data - 1:4.2-3ubuntu6.21
qemu-system-gui - 1:4.2-3ubuntu6.21
qemu-system-mips - 1:4.2-3ubuntu6.21
qemu-system-misc - 1:4.2-3ubuntu6.21
qemu-system-ppc - 1:4.2-3ubuntu6.21
qemu-system-s390x - 1:4.2-3ubuntu6.21
qemu-system-sparc - 1:4.2-3ubuntu6.21
qemu-system-x86 - 1:4.2-3ubuntu6.21
qemu-system-x86-microvm - 1:4.2-3ubuntu6.21
qemu-system-x86-xen - 1:4.2-3ubuntu6.21
qemu-user - 1:4.2-3ubuntu6.21
qemu-user-binfmt - 1:4.2-3ubuntu6.21
qemu-user-static - 1:4.2-3ubuntu6.21
qemu-utils - 1:4.2-3ubuntu6.21
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2021 Canonical Ltd.
2021-08-31
2021-08-31
0xnishit
https://bugzilla.redhat.com/show_bug.cgi?id=1998514
CVE-2021-3748
CVE-2021-3930 on Ubuntu 20.04 LTS (focal) - low.
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
Update Instructions:
Run `sudo pro fix CVE-2021-3930` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.21
qemu-block-extra - 1:4.2-3ubuntu6.21
qemu-guest-agent - 1:4.2-3ubuntu6.21
qemu-kvm - 1:4.2-3ubuntu6.21
qemu-system - 1:4.2-3ubuntu6.21
qemu-system-arm - 1:4.2-3ubuntu6.21
qemu-system-common - 1:4.2-3ubuntu6.21
qemu-system-data - 1:4.2-3ubuntu6.21
qemu-system-gui - 1:4.2-3ubuntu6.21
qemu-system-mips - 1:4.2-3ubuntu6.21
qemu-system-misc - 1:4.2-3ubuntu6.21
qemu-system-ppc - 1:4.2-3ubuntu6.21
qemu-system-s390x - 1:4.2-3ubuntu6.21
qemu-system-sparc - 1:4.2-3ubuntu6.21
qemu-system-x86 - 1:4.2-3ubuntu6.21
qemu-system-x86-microvm - 1:4.2-3ubuntu6.21
qemu-system-x86-xen - 1:4.2-3ubuntu6.21
qemu-user - 1:4.2-3ubuntu6.21
qemu-user-binfmt - 1:4.2-3ubuntu6.21
qemu-user-static - 1:4.2-3ubuntu6.21
qemu-utils - 1:4.2-3ubuntu6.21
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-02-18
2022-02-18
0xnishit
https://bugzilla.redhat.com/show_bug.cgi?id=2020588
https://gitlab.com/qemu-project/qemu/-/issues/546
CVE-2021-3930
CVE-2022-0216 on Ubuntu 20.04 LTS (focal) - low.
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
Update Instructions:
Run `sudo pro fix CVE-2022-0216` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.24
qemu-block-extra - 1:4.2-3ubuntu6.24
qemu-guest-agent - 1:4.2-3ubuntu6.24
qemu-kvm - 1:4.2-3ubuntu6.24
qemu-system - 1:4.2-3ubuntu6.24
qemu-system-arm - 1:4.2-3ubuntu6.24
qemu-system-common - 1:4.2-3ubuntu6.24
qemu-system-data - 1:4.2-3ubuntu6.24
qemu-system-gui - 1:4.2-3ubuntu6.24
qemu-system-mips - 1:4.2-3ubuntu6.24
qemu-system-misc - 1:4.2-3ubuntu6.24
qemu-system-ppc - 1:4.2-3ubuntu6.24
qemu-system-s390x - 1:4.2-3ubuntu6.24
qemu-system-sparc - 1:4.2-3ubuntu6.24
qemu-system-x86 - 1:4.2-3ubuntu6.24
qemu-system-x86-microvm - 1:4.2-3ubuntu6.24
qemu-system-x86-xen - 1:4.2-3ubuntu6.24
qemu-user - 1:4.2-3ubuntu6.24
qemu-user-binfmt - 1:4.2-3ubuntu6.24
qemu-user-static - 1:4.2-3ubuntu6.24
qemu-utils - 1:4.2-3ubuntu6.24
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-08-26
2022-08-26
0xnishit
https://bugzilla.redhat.com/show_bug.cgi?id=2036953
https://gitlab.com/qemu-project/qemu/-/issues/972
CVE-2022-0216
CVE-2022-1050 on Ubuntu 20.04 LTS (focal) - low.
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.
Update Instructions:
Run `sudo pro fix CVE-2022-1050` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
qemu - 1:4.2-3ubuntu6.27
qemu-block-extra - 1:4.2-3ubuntu6.27
qemu-guest-agent - 1:4.2-3ubuntu6.27
qemu-kvm - 1:4.2-3ubuntu6.27
qemu-system - 1:4.2-3ubuntu6.27
qemu-system-arm - 1:4.2-3ubuntu6.27
qemu-system-common - 1:4.2-3ubuntu6.27
qemu-system-data - 1:4.2-3ubuntu6.27
qemu-system-gui - 1:4.2-3ubuntu6.27
qemu-system-mips - 1:4.2-3ubuntu6.27
qemu-system-misc - 1:4.2-3ubuntu6.27
qemu-system-ppc - 1:4.2-3ubuntu6.27
qemu-system-s390x - 1:4.2-3ubuntu6.27
qemu-system-sparc - 1:4.2-3ubuntu6.27
qemu-system-x86 - 1:4.2-3ubuntu6.27
qemu-system-x86-microvm - 1:4.2-3ubuntu6.27
qemu-system-x86-xen - 1:4.2-3ubuntu6.27
qemu-user - 1:4.2-3ubuntu6.27
qemu-user-binfmt - 1:4.2-3ubuntu6.27
qemu-user-static - 1:4.2-3ubuntu6.27
qemu-utils - 1:4.2-3ubuntu6.27
No subscription required
Ubuntu 20.04 LTS
Low
Copyright (C) 2022 Canonical Ltd.
2022-03-29
2022-03-29
https://bugzilla.redhat.com/show_bug.cgi?id=2069625
CVE-2022-1050
CVE-2022-20158 on Ubuntu 20.04 LTS (focal) - medium.
In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-182815710; References: Upstream kernel
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-08-11
CVE-2022-20158
sbeattie> It seems the android advisory that contains this CVE has been updated to correctly reflect the associated commits with this issue; furthermore, it appears to have been introduced with an android only commit (see lore reference).
CVE-2022-21127 on Ubuntu 20.04 LTS (focal) - medium.
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Update Instructions:
Run `sudo pro fix CVE-2022-21127` to fix the vulnerability. The problem can be corrected
by updating your system to the following package versions:
intel-microcode - 3.20220510.0ubuntu0.20.04.1
No subscription required
Ubuntu 20.04 LTS
Medium
Copyright (C) 2022 Canonical Ltd.
2022-06-15
2022-06-15
CVE-2022-21127
/proc/kcare/cvelist
^CVE-\S+
1
/var/cache/kcare/libcare_cvelist
^CVE-\S+
1