SB2022022237 - Ubuntu update for linux 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022022237

SB2022022237 - Ubuntu update for linux

Published: February 22, 2022 Updated: November 10, 2022

Security Bulletin ID SB2022022237
Severity
Medium
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 8% Low 92%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2020-26147)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. A remote attacker on the local network can inject packets and/or exfiltrate selected fragments


2) Security features bypass (CVE-ID: CVE-2020-26558)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an impersonation in the Passkey Entry protocol flaw. A remote attacker on the local network can perform a man-in-the-middle (MITM) attack and impersonate the initiating device without any previous knowledge.

Note: This vulnerability affects the following specifications:

  • BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2
  • BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2 
  • LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2


3) Improper access control (CVE-ID: CVE-2021-0129)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote authenticated attacker on the local network can bypass implemented security restrictions and enable information disclosure


4) Buffer overflow (CVE-ID: CVE-2021-28972)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the drivers/pci/hotplug/rpadlpar_sysfs.c. A local administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Use-after-free (CVE-ID: CVE-2021-33034)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in net/bluetooth/hci_event.c when destroying an hci_chan. A local user can escalate privileges on the system.



6) Use of uninitialized resource (CVE-ID: CVE-2021-34693)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.


7) Use-after-free (CVE-ID: CVE-2021-3483)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Nosy driver in the Linux kernel. A local user can trigger use-after-free and to escalate privileges on the system.


8) Double Free (CVE-ID: CVE-2021-3564)

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists due to bluetooth subsystem in the Linux kernel does not properly handle HCI device detach events. An attacker with physical access to the system can trigger double free error and perform a denial of service attack.


9) Out-of-bounds write (CVE-ID: CVE-2021-3612)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in joystick devices subsystem in Linux kernel. A local user can make a specially crafted JSIOCSBTNMAP IOCTL call, trigger out-of-bounds write and execute arbitrary code with escalated privileges.


10) Resource exhaustion (CVE-ID: CVE-2021-3679)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to lack of CPU resource in the Linux kernel tracing module functionality when using trace ring buffer in a specific way. A privileged local user (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.


11) Use-after-free (CVE-ID: CVE-2021-38204)

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the drivers/usb/host/max3421-hcd.c in the Linux kernel. An attacker with physical access to the system can remove a MAX-3421 USB device to perform a denial of service attack.


12) Out-of-bounds write (CVE-ID: CVE-2021-42008)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the decode_data() function in drivers/net/hamradio/6pack.c in the Linux kernel. A local user can send input from a process that has the CAP_NET_ADMIN capability and escalate privileges on the system.


13) Information disclosure (CVE-ID: CVE-2021-45485)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in the IPv6 implementation in the Linux kernel. A remote attacker can gain access to sensitive information.


Remediation

Install update from vendor's website.

References