SB2021060332 - Ubuntu update for linux-oem-5.10

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021060332

SB2021060332 - Ubuntu update for linux-oem-5.10

Published: June 3, 2021

Security Bulletin ID SB2021060332
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2021-33200)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in kernel/bpf/verifier.c. A local user can trigger an out-of-bounds write and escalate privileges on the system.


2) Out-of-bounds read (CVE-ID: CVE-2021-29155)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism. A local, special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory.


3) Information disclosure (CVE-ID: CVE-2021-31829)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the Linux kernel's eBPF verification code. A local user can insert eBPF instructions, use the eBPF verifier to abuse a spectre-like flaw and infer all system memory.


4) Out-of-bounds write (CVE-ID: CVE-2021-3501)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the KVM API in Linux kernel. A local user can run a specially crafted program to trigger an out-of-bounds write and escalate privileges on the system.


Remediation

Install update from vendor's website.

References