SB2021113024 - Ubuntu update for linux 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021113024

SB2021113024 - Ubuntu update for linux

Published: November 30, 2021

Security Bulletin ID SB2021113024
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Missing initialization of resource (CVE-ID: CVE-2021-3655)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing initialization of resource in the Linux kernel when processing inbound SCTP packets. A remote attacker can send specially crafted SCTP packets to the system and force the kernel to read uninitialized memory.


2) Memory leak (CVE-ID: CVE-2021-3744)

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c. A local user can force the application to leak memory and perform denial of service attack.


3) Memory leak (CVE-ID: CVE-2021-3764)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak error in the ccp_run_aes_gcm_cmd() function in Linux kernel. A local user can trigger a memory leak error and perform a denial of service (DoS) attack.


4) Out-of-bounds write (CVE-ID: CVE-2021-42252)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the aspeed_lpc_ctrl_mmap() function in drivers/soc/aspeed/aspeed-lpc-ctrl.c. A local user can execute arbitrary code.


Remediation

Install update from vendor's website.

References