Thursday, March 18, 2021

Ubuntu: USN-4878-1 (CVE-2021-20239): Linux kernel vulnerabilities

Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-4878-1:

It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-36158)

Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability. (CVE-2021-20239)

It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3347)

吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. (CVE-2021-3178)

Solution(s)
  • ubuntu-upgrade-linux-image-5-4-0-1011-gkeop
  • ubuntu-upgrade-linux-image-5-4-0-1030-raspi
  • ubuntu-upgrade-linux-image-5-4-0-1034-kvm
  • ubuntu-upgrade-linux-image-5-4-0-1037-gke
  • ubuntu-upgrade-linux-image-5-4-0-1038-gcp
  • ubuntu-upgrade-linux-image-5-4-0-1039-aws
  • ubuntu-upgrade-linux-image-5-4-0-1039-oracle
  • ubuntu-upgrade-linux-image-5-4-0-1041-azure
  • ubuntu-upgrade-linux-image-5-4-0-67-generic
  • ubuntu-upgrade-linux-image-5-4-0-67-generic-lpae
  • ubuntu-upgrade-linux-image-5-4-0-67-lowlatency
  • ubuntu-upgrade-linux-image-aws
  • ubuntu-upgrade-linux-image-aws-edge
  • ubuntu-upgrade-linux-image-azure
  • ubuntu-upgrade-linux-image-azure-edge
  • ubuntu-upgrade-linux-image-gcp
  • ubuntu-upgrade-linux-image-gcp-edge
  • ubuntu-upgrade-linux-image-generic
  • ubuntu-upgrade-linux-image-generic-hwe-18-04
  • ubuntu-upgrade-linux-image-generic-lpae
  • ubuntu-upgrade-linux-image-generic-lpae-hwe-18-04
  • ubuntu-upgrade-linux-image-gke-5-4
  • ubuntu-upgrade-linux-image-gkeop
  • ubuntu-upgrade-linux-image-gkeop-5-4
  • ubuntu-upgrade-linux-image-kvm
  • ubuntu-upgrade-linux-image-lowlatency
  • ubuntu-upgrade-linux-image-lowlatency-hwe-18-04
  • ubuntu-upgrade-linux-image-oem
  • ubuntu-upgrade-linux-image-oem-osp1
  • ubuntu-upgrade-linux-image-oracle
  • ubuntu-upgrade-linux-image-raspi
  • ubuntu-upgrade-linux-image-raspi-hwe-18-04
  • ubuntu-upgrade-linux-image-raspi2
  • ubuntu-upgrade-linux-image-snapdragon-hwe-18-04
  • ubuntu-upgrade-linux-image-virtual
  • ubuntu-upgrade-linux-image-virtual-hwe-18-04


References
  • USN-4876-1
  • USN-4877-1
  • USN-4878-1
  • USN-4879-1
  • CVE-2021-20239



