QID 198533
Date Published: 2021-10-18
QID 198533: Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5106-1)
The io_uring subsystem in the linux kernel could be coerced to free adjacent memory.
The linux kernel did not properly enforce certain types of entries in the secure boot forbidden signature database (aka dbx) protection mechanism.
The kvm hypervisor implementation in the linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability.
The joystick device interface in the linux kernel did not properly validate data passed via an ioctl().the virtio console implementation in the linux kernel did not properly validate input lengths in some situations.
The nfsv4 client implementation in the linux kernel did not properly order connection setup operations.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
a local attacker could use this to execute arbitrary code. (
Cve-2021-41073).
An attacker could use this to bypass uefi secure boot restrictions. (
Cve-2020-26541).
An attacker who could start and control a vm could possibly use this to expose sensitive information or execute arbitrary code. (
Cve-2021-22543).
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (
Cve-2021-3612).
A local attacker could possibly use this to cause a denial of service (system crash) (cve-2021-38160).
An attacker controlling a remote nfs server could use this to cause a denial of service on the client. (
Cve-2021-38199).
- USN-5106-1 -
ubuntu.com/security/notices/USN-5106-1
CVEs related to QID 198533
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| USN-5106-1 | Ubuntu Linux |
ubuntu.com/security/notices/USN-5106-1 |