USN-4907-1

Description

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13095) It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3347) It was discovered that the network block device (nbd) driver in the Linux kernel contained a use-after-free vulnerability during device setup. A local attacker with access to the nbd device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3348)

Affected Systems

• ubuntu•linux

  < 4.15.0-141.145

• ubuntu•linux-aws

  < 4.15.0-1098.105

• ubuntu•linux-aws-hwe

  < 4.15.0-1098.105~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1112.124~14.04.1 | < 4.15.0-1112.124~16.04.1

• ubuntu•linux-azure-4.15

  < 4.15.0-1112.125

• ubuntu•linux-dell300x

  < 4.15.0-1016.20

• ubuntu•linux-gcp

  < 4.15.0-1097.110~16.04.1

• ubuntu•linux-gcp-4.15

  < 4.15.0-1097.110

• ubuntu•linux-kvm

  < 4.15.0-1089.91

• ubuntu•linux-oracle

  < 4.15.0-1069.77~16.04.1 | < 4.15.0-1069.77

• ubuntu•linux-raspi2

  < 4.15.0-1083.88

• ubuntu•linux-snapdragon

  < 4.15.0-1100.109

References (4)

• https://ubuntu.com/security/notices/USN-4907-1
• https://ubuntu.com/security/CVE-2018-13095
• https://ubuntu.com/security/CVE-2021-3347
• https://ubuntu.com/security/CVE-2021-3348