USN-5044-1

Description

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573) It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-3587)

Affected Systems

• ubuntu•linux

  < 4.15.0-154.161

• ubuntu•linux-aws

  < 4.15.0-1110.117

• ubuntu•linux-aws-hwe

  < 4.15.0-1110.117~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1122.135~14.04.1 | < 4.15.0-1122.135~16.04.1

• ubuntu•linux-azure-4.15

  < 4.15.0-1122.135

• ubuntu•linux-gcp

  < 4.15.0-1107.121~16.04.1

• ubuntu•linux-gcp-4.15

  < 4.15.0-1107.121

• ubuntu•linux-hwe

  < 4.15.0-154.161~16.04.1

• ubuntu•linux-kvm

  < 4.15.0-1098.100

• ubuntu•linux-oracle

  < 4.15.0-1079.87~16.04.1 | < 4.15.0-1079.87

• ubuntu•linux-raspi2

  < 4.15.0-1094.100

• ubuntu•linux-snapdragon

  < 4.15.0-1111.120

References (4)

• https://ubuntu.com/security/notices/USN-5044-1
• https://ubuntu.com/security/CVE-2021-3564
• https://ubuntu.com/security/CVE-2021-3573
• https://ubuntu.com/security/CVE-2021-3587