QID 198459
Date Published: 2021-08-23
QID 198459: Ubuntu Security Notification for Linux, Linux-aws, Linux-aws-hwe, Linux-azure, Linux-azure-4.15, Linux-gcp, (USN-5018-1)
It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error.
It was discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations.
It was discovered that the Linux kernel's WiFi implementation did not properly clear received fragments from memory in some situations.
It was discovered that the Linux kernel's WiFi implementation incorrectly handled encrypted fragments.
It was discovered that the Linux kernel's WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders.
It was discovered that the Linux kernel's WiFi implementation could reassemble mixed encrypted and plaintext fragments.
It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control.
It was discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel.
It was discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations.
It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects.
It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel.
A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909)
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200)
A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586)
A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587)
A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139)
A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147)
An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)
A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134)
A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-31829)
An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399)
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)
- USN-5018-1 -
usn.ubuntu.com/5018-1/
CVEs related to QID 198459
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| USN-5018-1 | 18.04 (bionic) on src | linux-image-4.15.0-1078-oracle |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-4.15.0-1092-raspi2 |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-4.15.0-1097-kvm |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-4.15.0-1106-gcp |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-4.15.0-1109-aws |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-4.15.0-1109-snapdragon |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-4.15.0-1121-azure |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-4.15.0-151-generic |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-4.15.0-151-generic-lpae |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-4.15.0-151-lowlatency |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-aws-lts-18.04 |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-azure-lts-18.04 |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-gcp-lts-18.04 |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-generic |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-generic-lpae |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-kvm |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-lowlatency |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-oracle-lts-18.04 |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-raspi2 |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-snapdragon |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |
| USN-5018-1 | 18.04 (bionic) on src | linux-image-virtual |
launchpad.net/ubuntu/+source/linux/4.15.0-151.157 |