Test ID:	1.3.6.1.4.1.25623.1.0.844772
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4678-1)
Summary:	The remote host is missing an update for the 'linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi' package(s) announced via the USN-4678-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi' package(s) announced via the USN-4678-1 advisory. Vulnerability Insight: It was discovered that the AMD Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. (CVE-2020-12912) Jann Horn discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations. A local attacker could use this to expose sensitive information or possibly escalate privileges. (CVE-2020-29534) Affected Software/OS: 'linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi' package(s) on Ubuntu 20.04, Ubuntu 20.10. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-12912 https://www.amd.com/en/corporate/product-security Common Vulnerability Exposure (CVE) ID: CVE-2020-29534 https://bugs.chromium.org/p/project-zero/issues/detail?id=2089 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f2122045b946241a9e549c2a76cea54fa58a7ff
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.