QID 198403
Date Published: 2021-06-16
QID 198403: Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4984-1)
The xen netback backend in the linux kernel did not properly handle certain error conditions under paravirtualization.
The realtek rtl8188eu wireless device driver in the linux kernel did not properly validate ssid lengths in some situations.
The xen paravirtualization backend in the linux kernel did not properly deallocate memory in some situations.
The fuse user space file system implementation in the linux kernel did not properly handle bad inodes in some situations.
The audio driver for qualcomm sdm845 systems in the linux kernel did not properly validate port id numbers.
The btrfs file system implementation in the linux kernel contained a race condition during certain cloning operations.
The perf subsystem in the linux kernel did not properly handle certain pebs records properly for some intel haswell processors.
The rpa pci hotplug driver implementation in the linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow.
The qualcomm ipc router implementation in the linux kernel did not properly initialize memory passed to user space.
The video4linux subsystem in the linux kernel did not properly deallocate memory in some situations.
The block device manager (dm) implementation in the linux kernel contained a buffer overflow in the ioctl for listing devices.
The cipso implementation in the linux kernel did not properly perform reference counting in some situations, leading to use- after-free vulnerabilities.
The ieee 1394 (firewire) nosy packet sniffer driver in the linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
an attacker in a guest vm could possibly use this to cause a denial of service (host domain crash) (cve-2021-28038).
An attacker could use this to cause a denial of service (system crash).
(cve-2021-28660).
A local attacker could use this to cause a denial of service (memory exhaustion).
(cve-2021-28688).
A local attacker could possibly use this to cause a denial of service.
(cve-2021-28950).
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (
cve-2021-28952).
a local attacker could possibly use this to cause a denial of service (system crash) (cve-2021-28964).
A local attacker could use this to cause a denial of service (system crash) (cve-2021-28971).
A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(cve-2021-28972).
A local attacker could use this to expose sensitive information (kernel memory).
(cve-2021-29647).
A local attacker could use this to cause a denial of service (memory exhaustion).
(cve-2021-30002).
A privileged local attacker could use this to cause a denial of service (system crash) (cve-2021-31916).
An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (
cve-2021-33033).
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (
cve-2021-3483).
- USN-4984-1 -
usn.ubuntu.com/4984-1
CVEs related to QID 198403
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| USN-4984-1 | Ubuntu Linux |
usn.ubuntu.com/4984-1 |