SB2021092929 - Ubuntu update for linux-oem-5.13
Published: September 29, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Improper Privilege Management (CVE-ID: CVE-2021-41073)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management within the loop_rw_iter() function in fs/io_uring.c in Linux kernel. A local user can escalate privileges on the system by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer.
2) Information disclosure (CVE-ID: CVE-2021-34556)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
3) Observable discrepancy (CVE-ID: CVE-2021-35477)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to observable discrepancy error. A local user can gain access to sensitive information.
4) Out-of-bounds write (CVE-ID: CVE-2021-3612)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in joystick devices subsystem in Linux kernel. A local user can make a specially crafted JSIOCSBTNMAP IOCTL call, trigger out-of-bounds write and execute arbitrary code with escalated privileges.
5) Resource exhaustion (CVE-ID: CVE-2021-3679)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to lack of CPU resource in the Linux kernel tracing module functionality when using trace ring buffer in a specific way. A privileged local user (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
6) Double Free (CVE-ID: CVE-2021-37159)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to hso_free_net_device() function in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state. A local user can trigger double free and use-after-free errors and execute arbitrary code with elevated privileges.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-3732)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in the way the user mounts the TmpFS filesystem with OverlayFS. A local user can gain access to hidden files that should not be accessible.
8) Out-of-bounds read (CVE-ID: CVE-2021-38166)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the kvmalloc() function in kernel/bpf/hashtab.c. A local user can execute arbitrary code.
9) Race condition (CVE-ID: CVE-2021-38199)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to fs/nfs/nfs4client.c in the Linux kernel has incorrect connection-setup ordering. A remote attacker with access to a remote NFSv4 server can perform a denial of service (DoS) attack by arranging the server to be unreachable during trunking detection.
10) Out-of-bounds read (CVE-ID: CVE-2021-38201)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2021-38202)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
12) Improper locking (CVE-ID: CVE-2021-38203)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
13) Use-after-free (CVE-ID: CVE-2021-38204)
The vulnerability allows a local attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the drivers/usb/host/max3421-hcd.c in the Linux kernel. An attacker with physical access to the system can remove a MAX-3421 USB device to perform a denial of service attack.
14) Access of uninitialized pointer (CVE-ID: CVE-2021-38205)
The vulnerability allows a local user to manipulate data.
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
15) Race condition (CVE-ID: CVE-2021-40490)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
Remediation
Install update from vendor's website.