SB2020120228 - Ubuntu update for linux
Published: December 2, 2020 Updated: January 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2020-0423)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the Binder component in OS kernel. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.
2) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2020-10135)
The vulnerability allows a remote attacker to perform a Man-in-the-Middle (MitM) attack.
The vulnerability exists in the implementation of Bluetooth v5.0, v4.2, v4.1, v4.0 on devices manufactured by multiple vendors. A remote attacker with physical proximity to the victim can successful perform a MitM attack even against previously paired devices and gain access to sensitive information.
Below is the list of chips and devices, confirmed to be vulnerable:
| Chip | Device |
| Bluetooth v5.0 | |
| Apple 339S00397 | iPhone 8 |
| CYW20819 | CYW920819EVB-02 |
| Intel 9560 | ThinkPad L390 |
| Snapdragon 630 | Nokia 7 |
| Snapdragon 636 | Nokia X6 |
| Snapdragon 835 | Pixel 2 |
| Snapdragon 845 | Pixel 3, OnePlus 6 |
| Bluetooth v4.2 | |
| Apple 339S00056 | MacBookPro 2017 |
| Apple 339S00199 | iPhone 7plus |
| Apple 339S00448 | iPad 2018 |
| CSR 11393 | Sennheiser PXC 550 |
| Exynos 7570 | Galaxy J3 2017 |
| Intel 7265 | ThinkPad X1 3rd |
| Intel 8260 | HP ProBook 430 G3 |
| Bluetooth v4.1 | |
| CYW4334 | iPhone 5s |
| CYW4339 | Nexus 5, iPhone 6 |
| CYW43438 | RPi 3B+ |
| Snapdragon 210 | LG K4 |
| Snapdragon 410 | Motorola G3, Galaxy J5 |
| Bluetooth <= v4.0 | |
| BCM20730 | ThinkPad 41U5008 |
| BCM4329B1 | iPad MC349LL |
| CSR 6530 | PLT BB903+ |
| CSR 8648 | Philips SHB7250 |
| Exynos 3470 | Galaxy S5 mini |
| Exynos 3475 | Galaxy J3 2016 |
| Intel 1280 | Lenovo U430 |
| Intel 6205 | ThinkPad X230 |
| Snapdragon 200 | Lumia 530 |
3) Use-after-free (CVE-ID: CVE-2020-14351)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the perf subsystem. A local user with permission to monitor perf events cam corrupt memory and execute arbitrary code with elevated privileges.
4) Use of insufficiently random values (CVE-ID: CVE-2020-25705)
The vulnerability allows a remote attacker to gain access to sensitive information.
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
5) Infinite loop (CVE-ID: CVE-2020-27152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel. A local user can consume all available system resources and cause denial of service conditions.
6) Buffer Over-read (CVE-ID: CVE-2020-28915)
The vulnerability allows a local user with physical access to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds (OOB) memory access flaw in fbcon_get_font() function in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A local user with special user privilege and with physical access can gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.
7) Information disclosure (CVE-ID: CVE-2020-4788)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in IBM Power9 processors due to unspecified error. A local user can obtain sensitive information from the data in the L1 cache under extenuating circumstances.
Remediation
Install update from vendor's website.