LSN-0074-1

Source
https://ubuntu.com/security/notices/LSN-0074-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/lsn/LSN-0074-1.json
JSON Data
https://api.osv.dev/v1/vulns/LSN-0074-1
Related
Published
2021-01-26T07:25:07Z
Modified
2021-01-26T07:25:07Z
Summary
Kernel Live Patch Security Notice
Details

Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-0427)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352)

It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645)

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. (CVE-2020-28374)

References

Affected packages

Ubuntu:Pro:14.04:LTS / linux-lts-xenial

Package

Name
linux-lts-xenial
Purl
pkg:deb/ubuntu/linux-lts-xenial@4.4.0-262.296~14.04.1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-262.296~14.04.1

Affected versions

4.*

4.4.0-13.29~14.04.1
4.4.0-14.30~14.04.2
4.4.0-15.31~14.04.1
4.4.0-18.34~14.04.1
4.4.0-21.37~14.04.1
4.4.0-22.39~14.04.1
4.4.0-22.40~14.04.1
4.4.0-24.43~14.04.1
4.4.0-28.47~14.04.1
4.4.0-31.50~14.04.1
4.4.0-34.53~14.04.1
4.4.0-36.55~14.04.1
4.4.0-38.57~14.04.1
4.4.0-42.62~14.04.1
4.4.0-45.66~14.04.1
4.4.0-47.68~14.04.1
4.4.0-51.72~14.04.1
4.4.0-53.74~14.04.1
4.4.0-57.78~14.04.1
4.4.0-59.80~14.04.1
4.4.0-62.83~14.04.1
4.4.0-63.84~14.04.2
4.4.0-64.85~14.04.1
4.4.0-66.87~14.04.1
4.4.0-67.88~14.04.1
4.4.0-70.91~14.04.1
4.4.0-71.92~14.04.1
4.4.0-72.93~14.04.1
4.4.0-75.96~14.04.1
4.4.0-78.99~14.04.2
4.4.0-79.100~14.04.1
4.4.0-81.104~14.04.1
4.4.0-83.106~14.04.1
4.4.0-87.110~14.04.1
4.4.0-89.112~14.04.1
4.4.0-91.114~14.04.1
4.4.0-92.115~14.04.1
4.4.0-93.116~14.04.1
4.4.0-96.119~14.04.1
4.4.0-97.120~14.04.1
4.4.0-98.121~14.04.1
4.4.0-101.124~14.04.1
4.4.0-103.126~14.04.1
4.4.0-104.127~14.04.1
4.4.0-108.131~14.04.1
4.4.0-109.132~14.04.1
4.4.0-111.134~14.04.1
4.4.0-112.135~14.04.1
4.4.0-116.140~14.04.1
4.4.0-119.143~14.04.1
4.4.0-121.145~14.04.1
4.4.0-124.148~14.04.1
4.4.0-127.153~14.04.1
4.4.0-128.154~14.04.1
4.4.0-130.156~14.04.1
4.4.0-131.157~14.04.1
4.4.0-133.159~14.04.1
4.4.0-134.160~14.04.1
4.4.0-135.161~14.04.1
4.4.0-137.163~14.04.1
4.4.0-138.164~14.04.1
4.4.0-139.165~14.04.1
4.4.0-140.166~14.04.1
4.4.0-141.167~14.04.1
4.4.0-142.168~14.04.1
4.4.0-143.169~14.04.2
4.4.0-144.170~14.04.1
4.4.0-146.172~14.04.1
4.4.0-148.174~14.04.1
4.4.0-164.192~14.04.1
4.4.0-165.193~14.04.1
4.4.0-166.195~14.04.1
4.4.0-168.197~14.04.1
4.4.0-169.198~14.04.1
4.4.0-170.199~14.04.1
4.4.0-171.200~14.04.1
4.4.0-173.203~14.04.1
4.4.0-174.204~14.04.1
4.4.0-176.206~14.04.1
4.4.0-177.207~14.04.1
4.4.0-178.208~14.04.1
4.4.0-179.209~14.04.1
4.4.0-184.214~14.04.1
4.4.0-185.215~14.04.1
4.4.0-186.216~14.04.1
4.4.0-187.217~14.04.1
4.4.0-189.219~14.04.1
4.4.0-190.220~14.04.1
4.4.0-193.224~14.04.1
4.4.0-194.226~14.04.1
4.4.0-197.229~14.04.1
4.4.0-198.230~14.04.1
4.4.0-200.232~14.04.1
4.4.0-201.233~14.04.1
4.4.0-203.235~14.04.1
4.4.0-204.236~14.04.1
4.4.0-206.238~14.04.1
4.4.0-208.240~14.04.1
4.4.0-209.241~14.04.1
4.4.0-210.242~14.04.1
4.4.0-211.243~14.04.1
4.4.0-212.244~14.04.1
4.4.0-213.245~14.04.1
4.4.0-214.246~14.04.1
4.4.0-215.247~14.04.1
4.4.0-218.251~14.04.1
4.4.0-219.252~14.04.1
4.4.0-221.254~14.04.1
4.4.0-222.255~14.04.1
4.4.0-223.256~14.04.1
4.4.0-224.257~14.04.1
4.4.0-227.261~14.04.1
4.4.0-229.263~14.04.1
4.4.0-230.264~14.04.1
4.4.0-231.265~14.04.1
4.4.0-233.267~14.04.1
4.4.0-234.268~14.04.1
4.4.0-235.269~14.04.1
4.4.0-236.270~14.04.1
4.4.0-237.271~14.04.1
4.4.0-239.273~14.04.1
4.4.0-240.274~14.04.1
4.4.0-241.275~14.04.1
4.4.0-242.276~14.04.1
4.4.0-243.277~14.04.1
4.4.0-244.278~14.04.1
4.4.0-245.279~14.04.1
4.4.0-246.280~14.04.1
4.4.0-248.282~14.04.1
4.4.0-250.284~14.04.1
4.4.0-251.285~14.04.1
4.4.0-252.286~14.04.1
4.4.0-253.287~14.04.1
4.4.0-254.288~14.04.1
4.4.0-256.290~14.04.1
4.4.0-257.291~14.04.1
4.4.0-258.292~14.04.2
4.4.0-259.293~14.04.1
4.4.0-260.294~14.04.1
4.4.0-261.295~14.04.1

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_4_4_0[_|\\d]+_(?:generic|lowlatency)_(\\d+)"
}

Ubuntu:Pro:16.04:LTS / linux-aws

Package

Name
linux-aws
Purl
pkg:deb/ubuntu/linux-aws@4.4.0-1121.135?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.0-1121.135

Affected versions

4.*

4.4.0-1001.10
4.4.0-1003.12
4.4.0-1004.13
4.4.0-1007.16
4.4.0-1009.18
4.4.0-1011.20
4.4.0-1012.21
4.4.0-1013.22
4.4.0-1016.25
4.4.0-1017.26
4.4.0-1018.27
4.4.0-1020.29
4.4.0-1022.31
4.4.0-1026.35
4.4.0-1028.37
4.4.0-1030.39
4.4.0-1031.40
4.4.0-1032.41
4.4.0-1035.44
4.4.0-1037.46
4.4.0-1038.47
4.4.0-1039.48
4.4.0-1041.50
4.4.0-1043.52
4.4.0-1044.53
4.4.0-1047.56
4.4.0-1048.57
4.4.0-1049.58
4.4.0-1050.59
4.4.0-1052.61
4.4.0-1054.63
4.4.0-1055.64
4.4.0-1057.66
4.4.0-1060.69
4.4.0-1061.70
4.4.0-1062.71
4.4.0-1063.72
4.4.0-1065.75
4.4.0-1066.76
4.4.0-1067.77
4.4.0-1069.79
4.4.0-1070.80
4.4.0-1072.82
4.4.0-1073.83
4.4.0-1074.84
4.4.0-1075.85
4.4.0-1077.87
4.4.0-1079.89
4.4.0-1081.91
4.4.0-1083.93
4.4.0-1084.94
4.4.0-1085.96
4.4.0-1087.98
4.4.0-1088.99
4.4.0-1090.101
4.4.0-1092.103
4.4.0-1094.105
4.4.0-1095.106
4.4.0-1096.107
4.4.0-1098.109
4.4.0-1099.110
4.4.0-1100.111
4.4.0-1101.112
4.4.0-1102.113
4.4.0-1104.115
4.4.0-1105.116
4.4.0-1106.117
4.4.0-1107.118
4.4.0-1109.120
4.4.0-1110.121
4.4.0-1111.123
4.4.0-1112.124
4.4.0-1113.126
4.4.0-1114.127
4.4.0-1117.131
4.4.0-1118.132
4.4.0-1119.133

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_4_4_0[_|\\d]+_aws_(\\d+)"
}

Ubuntu:Pro:FIPS:18.04:LTS / linux-aws-fips

Package

Name
linux-aws-fips
Purl
pkg:deb/ubuntu/linux-aws-fips@4.15.0-2000.4?arch=source&distro=fips/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.15.0-2000.4

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_4_15_0[_|\\d]+_aws_(\\d+)"
}

Ubuntu:Pro:20.04:LTS / linux-aws

Package

Name
linux-aws
Purl
pkg:deb/ubuntu/linux-aws@5.4.0-1037.39?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-1037.39

Affected versions

5.*

5.3.0-1003.3
5.3.0-1008.9
5.3.0-1009.10
5.3.0-1010.11
5.4.0-1005.5
5.4.0-1007.7
5.4.0-1008.8
5.4.0-1009.9
5.4.0-1011.11
5.4.0-1015.15
5.4.0-1017.17
5.4.0-1018.18
5.4.0-1020.20
5.4.0-1021.21
5.4.0-1022.22
5.4.0-1024.24
5.4.0-1025.25
5.4.0-1028.29
5.4.0-1029.30
5.4.0-1030.31
5.4.0-1032.33
5.4.0-1034.35
5.4.0-1035.37

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_5_4_0[_|\\d]+_aws_(\\d+)"
}