SB2020101416 - Ubuntu update for linux

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020101416

SB2020101416 - Ubuntu update for linux

Published: October 14, 2020 Updated: April 23, 2025

Security Bulletin ID SB2020101416
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 14% Low 86%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2020-16119)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error caused by the reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


2) NULL pointer dereference (CVE-ID: CVE-2018-10322)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the xfs_dinode_verify function in the xfs/xfs/libxfs/xfs_inode_buf.c source code file due to NULL pointer dereference when handling Extended File System (XFS) images. A local attacker can mount a specially crafted XFS filesystem image when filesystem operations are executed on the mounted image and cause the service to crash.

3) Use-after-free (CVE-ID: CVE-2019-19448)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.


4) Out-of-bounds read (CVE-ID: CVE-2020-14314)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists.


5) Security restrictions bypass (CVE-ID: CVE-2020-16120)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to security restrictions bypass error within the ovl_open_realfile() and ovl_change_flags() functions in fs/overlayfs/file.c. A local privileged user can gain access to sensitive information.


6) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2020-25212)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a TOCTOU mismatch in the NFS client code in the Linux kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

7) Incorrect default permissions (CVE-ID: CVE-2020-26088)

The vulnerability allows a local user to manipulate data.

A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.


Remediation

Install update from vendor's website.

References