USN-4750-1
Vulnerability Summary
Timeline
Description
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669) It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815) Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-27830, CVE-2020-28941) It was discovered that an information leak existed in the syscall implementation in the Linux kernel on 32 bit systems. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28588) Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29568) Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29569) Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660) Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle filter rules in some situations. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service. (CVE-2021-20177)
Affected Systems
- ubuntu•linux
< 5.4.0-66.74
- ubuntu•linux-aws
< 5.4.0-1038.40
- ubuntu•linux-aws-5.4
< 5.4.0-1038.40~18.04.1
- ubuntu•linux-azure
< 5.4.0-1040.42
- ubuntu•linux-azure-5.4
< 5.4.0-1040.42~18.04.1
- ubuntu•linux-gcp
< 5.4.0-1037.40
- ubuntu•linux-gcp-5.4
< 5.4.0-1037.40~18.04.1
- ubuntu•linux-gke-5.4
< 5.4.0-1036.38~18.04.1
- ubuntu•linux-gkeop
< 5.4.0-1010.11
- ubuntu•linux-gkeop-5.4
< 5.4.0-1010.11~18.04.1
- ubuntu•linux-hwe-5.4
< 5.4.0-66.74~18.04.2
- ubuntu•linux-kvm
< 5.4.0-1033.34
- ubuntu•linux-oracle
< 5.4.0-1038.41
- ubuntu•linux-oracle-5.4
< 5.4.0-1038.41~18.04.1
- ubuntu•linux-raspi
< 5.4.0-1029.32
- ubuntu•linux-raspi-5.4
< 5.4.0-1029.32~18.04.1
References (11)
- https://ubuntu.com/security/notices/USN-4750-1
- https://ubuntu.com/security/CVE-2020-25669
- https://ubuntu.com/security/CVE-2020-27815
- https://ubuntu.com/security/CVE-2020-27830
- https://ubuntu.com/security/CVE-2020-28588
- https://ubuntu.com/security/CVE-2020-28941
- https://ubuntu.com/security/CVE-2020-29568
- https://ubuntu.com/security/CVE-2020-29569
- https://ubuntu.com/security/CVE-2020-29660
- https://ubuntu.com/security/CVE-2020-29661
- https://ubuntu.com/security/CVE-2021-20177