LSN-0083-1
Vulnerability Summary
Timeline
Description
Kernel Live Patch Security Notice The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.(CVE-2018-25020) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory.(CVE-2021-3653) Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages.(CVE-2021-4002) Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2021-22555) It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2021-33909)
Affected Systems
- ubuntu•linux
all | < 4.4.0-218.251 | < 4.15.0-166.174 | < 5.4.0-92.103
- ubuntu•linux-aws
all | < 4.4.0-1134.148 | < 4.15.0-1118.125 | < 5.4.0-1061.64
- ubuntu•linux-azure
all | < 4.15.0-1129.142~16.04.1 | < 5.4.0-1065.68
- ubuntu•linux-gcp
all | < 5.4.0-1059.63
- ubuntu•linux-gke
all | < 5.4.0-1057.60
- ubuntu•linux-gke-4.15
all
- ubuntu•linux-gke-5.4
all | < 5.4.0-1057.60~18.04.1
- ubuntu•linux-gkeop
all | < 5.4.0-1029.30
- ubuntu•linux-gkeop-5.4
all | < 5.4.0-1029.30~18.04.2
- ubuntu•linux-hwe
all | < 4.15.0-166.174~16.04.1
- ubuntu•linux-oem
all