USN-4363-1
Vulnerability Summary
Timeline
Description
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). (CVE-2020-11565) David Gibson discovered that the Linux kernel on Power9 CPUs did not properly save and restore Authority Mask registers state in some situations. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2020-11669) It was discovered that the block layer in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-12657)
Affected Systems
- ubuntu•linux
< 4.15.0-101.102
- ubuntu•linux-aws
< 4.15.0-1067.71
- ubuntu•linux-aws-hwe
< 4.15.0-1067.71~16.04.1
- ubuntu•linux-azure
< 4.15.0-1083.93~16.04.1
- ubuntu•linux-azure-4.15
< 4.15.0-1083.93
- ubuntu•linux-gcp
< 4.15.0-1071.81~16.04.1
- ubuntu•linux-gke-4.15
< 4.15.0-1059.62
- ubuntu•linux-hwe
< 4.15.0-101.102~16.04.1
- ubuntu•linux-kvm
< 4.15.0-1060.61
- ubuntu•linux-oem
< 4.15.0-1081.91
- ubuntu•linux-oracle
< 4.15.0-1039.43~16.04.1 | < 4.15.0-1039.43
- ubuntu•linux-raspi2
< 4.15.0-1062.66
- ubuntu•linux-snapdragon
< 4.15.0-1079.86