USN-4680-1

Description

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19770) It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-0423) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135) It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-25656) Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-25668) Keyu Man discovered that the ICMP global rate limiter in the Linux kernel could be used to assist in scanning open UDP ports. A remote attacker could use to facilitate attacks on UDP based services that depend on source port randomization. (CVE-2020-25705) Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. An attacker in guest could possibly use this to cause a denial of service (dom0 crash). (CVE-2020-27675) Daniel Axtens discovered that PowerPC RTAS implementation in the Linux kernel did not properly restrict memory accesses in some situations. A privileged local attacker could use this to arbitrarily modify kernel memory, potentially bypassing kernel lockdown restrictions. (CVE-2020-27777) Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-28974)

Affected Systems

• ubuntu•linux

  < 4.15.0-129.132

• ubuntu•linux-aws

  < 4.15.0-1091.96

• ubuntu•linux-aws-hwe

  < 4.15.0-1091.96~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1103.114~14.04.1 | < 4.15.0-1103.114~16.04.1

• ubuntu•linux-azure-4.15

  < 4.15.0-1103.114

• ubuntu•linux-gcp

  < 4.15.0-1091.104~16.04.1

• ubuntu•linux-gcp-4.15

  < 4.15.0-1091.104

• ubuntu•linux-gke-4.15

  < 4.15.0-1077.82

• ubuntu•linux-hwe

  < 4.15.0-129.132~16.04.1

• ubuntu•linux-kvm

  < 4.15.0-1082.84

• ubuntu•linux-oracle

  < 4.15.0-1062.68~16.04.1 | < 4.15.0-1062.68

• ubuntu•linux-raspi2

  < 4.15.0-1077.82

• ubuntu•linux-snapdragon

  < 4.15.0-1094.103

References (10)

• https://ubuntu.com/security/notices/USN-4680-1
• https://ubuntu.com/security/CVE-2019-19770
• https://ubuntu.com/security/CVE-2020-0423
• https://ubuntu.com/security/CVE-2020-10135
• https://ubuntu.com/security/CVE-2020-25656
• https://ubuntu.com/security/CVE-2020-25668
• https://ubuntu.com/security/CVE-2020-25705
• https://ubuntu.com/security/CVE-2020-27675
• https://ubuntu.com/security/CVE-2020-27777
• https://ubuntu.com/security/CVE-2020-28974