SB2021012851 - Ubuntu update for linux 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021012851

SB2021012851 - Ubuntu update for linux

Published: January 28, 2021

Security Bulletin ID SB2021012851
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 20% Low 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Null pointer dereference (CVE-ID: CVE-2018-13093)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists in the lookup_slow() function in the Extended File System (XFS) component, as defined in the source code file fs/xfs/xfs_icache.c due to boundary error when mounting XFS filesystems. A local attacker can mount an XFS filesystem that submits malicious input, trigger NULL pointer dereference memory error and cause the affected software to terminate abnormally.


2) Use-after-free (CVE-ID: CVE-2019-19813)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.


3) Out-of-bounds write (CVE-ID: CVE-2019-19816)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.


4) Use after free (CVE-ID: CVE-2020-25669)

The vulnerability allows a local user to execute arbitrary code.

A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.


5) Missing Authorization (CVE-ID: CVE-2020-27777)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way RTAS handles memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like user could use this flaw to further increase their privileges to that of a running kernel.


Remediation

Install update from vendor's website.

References