USN-4419-1
Vulnerability Summary
Description
linux, linux-lts-xenial, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that a race condition existed in the Precision Time Protocol (PTP) implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-10690)

Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash). (CVE-2020-10711)

It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-12770)

It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-13143)

Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). (CVE-2020-8992)
Affected Systems
- ubuntu•linux: < 4.4.0-185.215
- ubuntu•linux-aws: < 4.4.0-1074.78 | < 4.4.0-1110.121
- ubuntu•linux-kvm: < 4.4.0-1076.83
- ubuntu•linux-lts-xenial: < 4.4.0-185.215~14.04.1
- ubuntu•linux-raspi2: < 4.4.0-1135.144
- ubuntu•linux-snapdragon: < 4.4.0-1139.147