USN-5050-1

Description

linux-aws-5.8, linux-azure-5.8, linux-gcp-5.8, linux-oracle-5.8 vulnerabilities It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-28691) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573) It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-38208)

Affected Systems

• ubuntu•linux-aws-5.8

  < 5.8.0-1042.44~20.04.1

• ubuntu•linux-azure-5.8

  < 5.8.0-1040.43~20.04.1

• ubuntu•linux-gcp-5.8

  < 5.8.0-1039.41

• ubuntu•linux-oracle-5.8

  < 5.8.0-1038.39~20.04.1

References (7)

• https://ubuntu.com/security/notices/USN-5050-1
• https://ubuntu.com/security/CVE-2020-26558
• https://ubuntu.com/security/CVE-2021-0129
• https://ubuntu.com/security/CVE-2021-3564
• https://ubuntu.com/security/CVE-2021-3573
• https://ubuntu.com/security/CVE-2021-28691
• https://ubuntu.com/security/CVE-2021-38208