SB2020070621 - Ubuntu update for linux

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020070621

SB2020070621 - Ubuntu update for linux

Published: July 6, 2020 Updated: April 23, 2025

Security Bulletin ID SB2020070621
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 40% Low 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2020-10690)

The vulnerability allows a local privileged user to execute arbitrary code.

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.


2) NULL pointer dereference (CVE-ID: CVE-2020-10711)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's SELinux subsystem when importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated.

A remote attacker can send specially crafted packets the affected system, trigger a NULL pointer dereference error and crash the Linux kernel.


3) Input validation error (CVE-ID: CVE-2020-12770)

The vulnerability allows a local user to execute arbitrary code on the system.

The vulnerability exists due to the "sg_write" lacks an "sg_remove_request" call in a certain failure case. A local user can pass specially crafted input to the application and execute arbitrary code on the target system.


4) Out-of-bounds read (CVE-ID: CVE-2020-13143)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in "gadget_dev_desc_UDC_store" in "drivers/usb/gadget/configfs.c" file. A remote attacker can trigger out-of-bounds read error and cause a denial of service on the target system.


5) Resource exhaustion (CVE-ID: CVE-2020-8992)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.


Remediation

Install update from vendor's website.

References