Test ID:	1.3.6.1.4.1.25623.1.0.845145
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5165-1)
Summary:	The remote host is missing an update for the 'linux-oem-5.14' package(s) announced via the USN-5165-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-oem-5.14' package(s) announced via the USN-5165-1 advisory. Vulnerability Insight: It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service (connection disassociation). (CVE-2021-3772) It was discovered that the AMD Radeon GPU driver in the Linux kernel did not properly validate writes in the debugfs file system. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42327) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739) It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track if a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash). (CVE-2021-43056) It was discovered that the TIPC Protocol implementation in the Linux kernel did not properly validate MSG_CRYPTO messages in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43267) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389) Affected Software/OS: 'linux-oem-5.14' package(s) on Ubuntu 20.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-3760 Debian Security Information: DSA-5096 (Google Search) https://www.debian.org/security/2022/dsa-5096 https://bugzilla.redhat.com/show_bug.cgi?id=2000585 https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3772 DSA-5096 [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update https://bugzilla.redhat.com/show_bug.cgi?id=2000694 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df https://security.netapp.com/advisory/ntap-20221007-0001/ https://ubuntu.com/security/CVE-2021-3772 https://www.oracle.com/security-alerts/cpujul2022.html Common Vulnerability Exposure (CVE) ID: CVE-2021-42327 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7/ https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f23750b5b3d98653b31d4469592935ef6364ad67 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c https://www.mail-archive.com/amd-gfx@lists.freedesktop.org/msg69080.html Common Vulnerability Exposure (CVE) ID: CVE-2021-42739 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e https://seclists.org/oss-sec/2021/q2/46 https://www.starwindsoftware.com/security/sw-20220804-0001/ https://bugzilla.redhat.com/show_bug.cgi?id=1951739 https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ Common Vulnerability Exposure (CVE) ID: CVE-2021-43056 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBM4FP3IT3JZ2O7EBS7TEOG657N4ZGRE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AA7EAPPKWG4LMTQQLNNSKATY6ST2KQFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRAIS3PG4EV5WFLYESR6FXWM4BJJGWVA/ https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15 https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 https://lore.kernel.org/linuxppc-dev/87pmrtbbdt.fsf@mpe.ellerman.id.au/T/#u http://www.openwall.com/lists/oss-security/2021/10/28/1 Common Vulnerability Exposure (CVE) ID: CVE-2021-43267 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVWL7HZV5T5OEKJPO2D67RMFMKBBXGGB/ https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16 https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0 http://www.openwall.com/lists/oss-security/2022/02/10/1 Common Vulnerability Exposure (CVE) ID: CVE-2021-43389 https://bugzilla.redhat.com/show_bug.cgi?id=2013180 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/ https://seclists.org/oss-sec/2021/q4/39 https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html http://www.openwall.com/lists/oss-security/2021/11/05/1
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.