| Summary: | The remote host is missing an update for the 'linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi' package(s) announced via the USN-4999-1 advisory. |
| Description: | Summary:
The remote host is missing an update for the 'linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi' package(s) announced via the USN-4999-1 advisory.
Vulnerability Insight:
Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code. (CVE-2021-3609)
Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel
did not properly enforce limits for pointer operations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-33200)
Mathy Vanhoef discovered that the Linux kernel's WiFi implementation did
not properly clear received fragments from memory in some situations. A
physically proximate attacker could possibly use this issue to inject
packets or expose sensitive information. (CVE-2020-24586)
Mathy Vanhoef discovered that the Linux kernel's WiFi implementation
incorrectly handled encrypted fragments. A physically proximate attacker
could possibly use this issue to decrypt fragments. (CVE-2020-24587)
Mathy Vanhoef discovered that the Linux kernel's WiFi implementation
incorrectly handled certain malformed frames. If a user were tricked into
connecting to a malicious server, a physically proximate attacker could use
this issue to inject packets. (CVE-2020-24588)
Kiyin (Yin Liang ) discovered that the NFC LLCP protocol implementation in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2020-25670)
Kiyin (Yin Liang ) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly deallocate memory in certain error
situations. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2020-25671, CVE-2020-25672)
Kiyin (Yin Liang ) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly handle error conditions in some situations,
leading to an infinite loop. A local attacker could use this to cause a
denial of service. (CVE-2020-25673)
Mathy Vanhoef discovered that the Linux kernel's WiFi implementation
incorrectly handled EAPOL frames from unauthenticated senders. A physically
proximate attacker could inject malicious packets to cause a denial of
service (system crash). (CVE-2020-26139)
Mathy Vanhoef discovered that the Linux kernel's WiFi implementation did
not properly verify certain fragmented frames. A physically proximate
attacker could possibly use this issue to inject or decrypt packets.
(CVE-2020-26141)
Mathy Vanhoef discovered that the Linux kernel's WiFi implementation
accepted plaintext fragments in certain situations. A physically proximate
attacker could use this issue to inject packets. (CVE-2020-26145)
Mathy Vanhoef discovered that the Linux kernel's WiFi implementation could
reassemble mixed encrypted and plaintext fragments. A physically proximate
attacker could possibly use this issue to inject packets or ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi' package(s) on Ubuntu 20.04, Ubuntu 20.10.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
