USN-5094-2

Description

linux-raspi2 vulnerabilities It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the Linux kernel could report pointer addresses in some situations. An attacker could use this information to ease the exploitation of another vulnerability. (CVE-2021-38205)

Affected Systems

• ubuntu•linux-raspi2

  < 4.15.0-1096.102

References (6)

• https://ubuntu.com/security/notices/USN-5094-2
• https://ubuntu.com/security/CVE-2021-3679
• https://ubuntu.com/security/CVE-2021-3732
• https://ubuntu.com/security/CVE-2021-22543
• https://ubuntu.com/security/CVE-2021-38204
• https://ubuntu.com/security/CVE-2021-38205