USN-4425-1

Description

linux, linux-aws, linux-azure, linux-azure-5.4, linux-gcp, linux-hwe-5.4, linux-kvm, linux-oracle, linux-raspi, linux-raspi-5.4, linux-riscv vulnerabilities It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19462) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2020-15780)

Affected Systems

• ubuntu•linux

  < 5.4.0-42.46

• ubuntu•linux-aws

  < 5.4.0-1020.20

• ubuntu•linux-azure

  < 5.4.0-1022.22

• ubuntu•linux-azure-5.4

  < 5.4.0-1022.22~18.04.1

• ubuntu•linux-gcp

  < 5.4.0-1021.21

• ubuntu•linux-hwe-5.4

  < 5.4.0-42.46~18.04.1

• ubuntu•linux-kvm

  < 5.4.0-1020.20

• ubuntu•linux-oracle

  < 5.4.0-1021.21

• ubuntu•linux-raspi

  < 5.4.0-1015.15

• ubuntu•linux-raspi-5.4

  < 5.4.0-1015.15~18.04.1

• ubuntu•linux-riscv

  < 5.4.0-30.34

References (5)

• https://ubuntu.com/security/notices/USN-4425-1
• https://ubuntu.com/security/CVE-2019-16089
• https://ubuntu.com/security/CVE-2019-19462
• https://ubuntu.com/security/CVE-2020-11935
• https://ubuntu.com/security/CVE-2020-15780