SB2021010617 - Ubuntu update for linux

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2020-0423)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the Binder component in OS kernel. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.

2) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2020-10135)

The vulnerability allows a remote attacker to perform a Man-in-the-Middle (MitM) attack.

The vulnerability exists in the implementation of Bluetooth v5.0, v4.2, v4.1, v4.0 on devices manufactured by multiple vendors. A remote attacker with physical proximity to the victim can successful perform a MitM attack even against previously paired devices and gain access to sensitive information.

Below is the list of chips and devices, confirmed to be vulnerable:

3) Use-after-free (CVE-ID: CVE-2020-25656)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in the way the console subsystem uses KDGKBSENT and KDSKBSENT IOCTLs. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information.

4) Use-after-free (CVE-ID: CVE-2020-25668)

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the con_font_op. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

5) Use of insufficiently random values (CVE-ID: CVE-2020-25705)

The vulnerability allows a remote attacker to gain access to sensitive information.

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

6) NULL pointer dereference (CVE-ID: CVE-2020-27675)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/xen/events/events_base.c. A malicious guest can trigger a dom0 crash by sending events for a paravirtualized device while simultaneously performing its reconfiguration.

7) Missing Authorization (CVE-ID: CVE-2020-27777)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way RTAS handles memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like user could use this flaw to further increase their privileges to that of a running kernel.

8) Out-of-bounds read (CVE-ID: CVE-2020-28974)

The vulnerability allows a local privileged user to read and manipulate data.

The vulnerability exists due to an out-of-bounds read error within the con_font_default() and con_font_op() functions in drivers/tty/vt/vt.c. A local privileged user can read and manipulate data.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-4680-1