Test ID:	1.3.6.1.4.1.25623.1.0.845191
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5210-2)
Summary:	The remote host is missing an update for the 'linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4' package(s) announced via the USN-5210-2 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4' package(s) announced via the USN-5210-2 advisory. Vulnerability Insight: USN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused failures to boot in environments with AMD Secure Encrypted Virtualization (SEV) enabled. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-26541) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track if a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash). (CVE-2021-43056) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389) Affected Software/OS: 'linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4' package(s) on Ubuntu 18.04, Ubuntu 20.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-26541 https://lkml.org/lkml/2020/9/15/1871 Common Vulnerability Exposure (CVE) ID: CVE-2021-20321 Debian Security Information: DSA-5096 (Google Search) https://www.debian.org/security/2022/dsa-5096 https://bugzilla.redhat.com/show_bug.cgi?id=2013242 https://lore.kernel.org/all/20211011134508.748956131@linuxfoundation.org/ https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3760 https://bugzilla.redhat.com/show_bug.cgi?id=2000585 Common Vulnerability Exposure (CVE) ID: CVE-2021-4002 https://bugzilla.redhat.com/show_bug.cgi?id=2025726 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890 https://www.openwall.com/lists/oss-security/2021/11/25/1 https://www.oracle.com/security-alerts/cpujul2022.html https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2021-41864 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a https://github.com/torvalds/linux/commit/30e29a9a2bc6a4888335a6ede968b75cd329657a https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2021-43056 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBM4FP3IT3JZ2O7EBS7TEOG657N4ZGRE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AA7EAPPKWG4LMTQQLNNSKATY6ST2KQFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRAIS3PG4EV5WFLYESR6FXWM4BJJGWVA/ https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15 https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 https://lore.kernel.org/linuxppc-dev/87pmrtbbdt.fsf@mpe.ellerman.id.au/T/#u http://www.openwall.com/lists/oss-security/2021/10/28/1 Common Vulnerability Exposure (CVE) ID: CVE-2021-43389 https://bugzilla.redhat.com/show_bug.cgi?id=2013180 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/ https://seclists.org/oss-sec/2021/q4/39 http://www.openwall.com/lists/oss-security/2021/11/05/1
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.