USN-4709-1
- Source
- https://ubuntu.com/security/notices/USN-4709-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4709-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-4709-1
- Related
- Published
- 2021-02-02T07:23:12.996586Z
- Modified
- 2021-02-02T07:23:12.996586Z
- Summary
- linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
- Details
-
It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. (CVE-2020-28374)
Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093)
It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19813, CVE-2019-19816)
Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669)
- References
Affected packages
Ubuntu:14.04:LTS / linux-aws
Package
- Name
- linux-aws
- Purl
- pkg:deb/ubuntu/linux-aws?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.4.0-1085.89
Affected versions
4.*
4.4.0-1002.2
4.4.0-1003.3
4.4.0-1005.5
4.4.0-1006.6
4.4.0-1009.9
4.4.0-1010.10
4.4.0-1011.11
4.4.0-1012.12
4.4.0-1014.14
4.4.0-1016.16
4.4.0-1017.17
4.4.0-1019.19
4.4.0-1022.22
4.4.0-1023.23
4.4.0-1024.25
4.4.0-1025.26
4.4.0-1027.30
4.4.0-1028.31
4.4.0-1029.32
4.4.0-1031.34
4.4.0-1032.35
4.4.0-1034.37
4.4.0-1036.39
4.4.0-1037.40
4.4.0-1038.41
4.4.0-1039.42
4.4.0-1040.43
4.4.0-1042.45
4.4.0-1044.47
Ubuntu:16.04:LTS / linux-aws
Package
- Name
- linux-aws
- Purl
- pkg:deb/ubuntu/linux-aws?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.4.0-1121.135
Affected versions
4.*
4.4.0-1001.10
4.4.0-1003.12
4.4.0-1004.13
4.4.0-1007.16
4.4.0-1009.18
4.4.0-1011.20
4.4.0-1012.21
4.4.0-1013.22
4.4.0-1016.25
4.4.0-1017.26
4.4.0-1018.27
4.4.0-1020.29
4.4.0-1022.31
4.4.0-1026.35
4.4.0-1028.37
4.4.0-1030.39
4.4.0-1031.40
4.4.0-1032.41
4.4.0-1035.44
4.4.0-1037.46
4.4.0-1038.47
4.4.0-1039.48
4.4.0-1041.50
4.4.0-1043.52
4.4.0-1044.53
4.4.0-1047.56
4.4.0-1048.57
4.4.0-1049.58
4.4.0-1050.59
4.4.0-1052.61
4.4.0-1054.63
4.4.0-1055.64
4.4.0-1057.66
4.4.0-1060.69
4.4.0-1061.70
4.4.0-1062.71
4.4.0-1063.72
4.4.0-1065.75
4.4.0-1066.76
4.4.0-1067.77
4.4.0-1069.79
4.4.0-1070.80
4.4.0-1072.82
4.4.0-1073.83
4.4.0-1074.84
4.4.0-1075.85
4.4.0-1077.87
4.4.0-1079.89
4.4.0-1081.91
4.4.0-1083.93
4.4.0-1084.94
4.4.0-1085.96
4.4.0-1087.98
4.4.0-1088.99
4.4.0-1090.101
4.4.0-1092.103
4.4.0-1094.105
4.4.0-1095.106
4.4.0-1096.107
4.4.0-1098.109
4.4.0-1099.110
4.4.0-1100.111
4.4.0-1101.112
4.4.0-1102.113
4.4.0-1104.115
4.4.0-1105.116
4.4.0-1106.117
4.4.0-1107.118
4.4.0-1109.120
4.4.0-1110.121
4.4.0-1111.123
4.4.0-1112.124
4.4.0-1113.126
4.4.0-1114.127
4.4.0-1117.131
4.4.0-1118.132
4.4.0-1119.133
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "4.4.0-1121.135",
"binary_name": "linux-aws-cloud-tools-4.4.0-1121"
},
{
"binary_version": "4.4.0-1121.135",
"binary_name": "linux-aws-headers-4.4.0-1121"
},
{
"binary_version": "4.4.0-1121.135",
"binary_name": "linux-aws-tools-4.4.0-1121"
},
{
"binary_version": "4.4.0-1121.135",
"binary_name": "linux-buildinfo-4.4.0-1121-aws"
},
{
"binary_version": "4.4.0-1121.135",
"binary_name": "linux-cloud-tools-4.4.0-1121-aws"
},
{
"binary_version": "4.4.0-1121.135",
"binary_name": "linux-headers-4.4.0-1121-aws"
},
{
"binary_version": "4.4.0-1121.135",
"binary_name": "linux-image-4.4.0-1121-aws"
},
{
"binary_version": "4.4.0-1121.135",
"binary_name": "linux-image-4.4.0-1121-aws-dbgsym"
},
{
"binary_version": "4.4.0-1121.135",
"binary_name": "linux-modules-4.4.0-1121-aws"
},
{
"binary_version": "4.4.0-1121.135",
"binary_name": "linux-modules-extra-4.4.0-1121-aws"
},
{
"binary_version": "4.4.0-1121.135",
"binary_name": "linux-tools-4.4.0-1121-aws"
}
]
}
Ubuntu:16.04:LTS / linux-kvm
Package
- Name
- linux-kvm
- Purl
- pkg:deb/ubuntu/linux-kvm?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.4.0-1087.96
Affected versions
4.*
4.4.0-1004.9
4.4.0-1007.12
4.4.0-1008.13
4.4.0-1009.14
4.4.0-1010.15
4.4.0-1012.17
4.4.0-1013.18
4.4.0-1015.20
4.4.0-1017.22
4.4.0-1019.24
4.4.0-1020.25
4.4.0-1021.26
4.4.0-1023.28
4.4.0-1026.31
4.4.0-1027.32
4.4.0-1029.34
4.4.0-1031.37
4.4.0-1032.38
4.4.0-1033.39
4.4.0-1035.41
4.4.0-1036.42
4.4.0-1037.43
4.4.0-1038.44
4.4.0-1039.45
4.4.0-1040.46
4.4.0-1041.47
4.4.0-1043.49
4.4.0-1044.50
4.4.0-1046.52
4.4.0-1047.53
4.4.0-1048.55
4.4.0-1051.58
4.4.0-1052.59
4.4.0-1054.61
4.4.0-1056.63
4.4.0-1058.65
4.4.0-1059.66
4.4.0-1060.67
4.4.0-1062.69
4.4.0-1063.70
4.4.0-1064.71
4.4.0-1065.72
4.4.0-1066.73
4.4.0-1068.75
4.4.0-1069.76
4.4.0-1070.77
4.4.0-1071.78
4.4.0-1075.82
4.4.0-1076.83
4.4.0-1077.84
4.4.0-1078.85
4.4.0-1079.86
4.4.0-1080.87
4.4.0-1082.91
4.4.0-1084.93
4.4.0-1085.94
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "4.4.0-1087.96",
"binary_name": "linux-buildinfo-4.4.0-1087-kvm"
},
{
"binary_version": "4.4.0-1087.96",
"binary_name": "linux-cloud-tools-4.4.0-1087-kvm"
},
{
"binary_version": "4.4.0-1087.96",
"binary_name": "linux-headers-4.4.0-1087-kvm"
},
{
"binary_version": "4.4.0-1087.96",
"binary_name": "linux-image-4.4.0-1087-kvm"
},
{
"binary_version": "4.4.0-1087.96",
"binary_name": "linux-image-4.4.0-1087-kvm-dbgsym"
},
{
"binary_version": "4.4.0-1087.96",
"binary_name": "linux-kvm-cloud-tools-4.4.0-1087"
},
{
"binary_version": "4.4.0-1087.96",
"binary_name": "linux-kvm-headers-4.4.0-1087"
},
{
"binary_version": "4.4.0-1087.96",
"binary_name": "linux-kvm-tools-4.4.0-1087"
},
{
"binary_version": "4.4.0-1087.96",
"binary_name": "linux-modules-4.4.0-1087-kvm"
},
{
"binary_version": "4.4.0-1087.96",
"binary_name": "linux-tools-4.4.0-1087-kvm"
}
]
}
Ubuntu:16.04:LTS / linux-raspi2
Package
- Name
- linux-raspi2
- Purl
- pkg:deb/ubuntu/linux-raspi2?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.4.0-1145.155
Affected versions
4.*
4.2.0-1013.19
4.2.0-1014.21
4.3.0-1006.6
4.4.0-1003.4
4.4.0-1004.5
4.4.0-1009.10
4.4.0-1010.12
4.4.0-1010.13
4.4.0-1012.16
4.4.0-1016.22
4.4.0-1017.23
4.4.0-1019.25
4.4.0-1021.27
4.4.0-1023.29
4.4.0-1027.33
4.4.0-1029.36
4.4.0-1034.41
4.4.0-1038.45
4.4.0-1040.47
4.4.0-1042.49
4.4.0-1044.51
4.4.0-1046.53
4.4.0-1048.55
4.4.0-1050.57
4.4.0-1051.58
4.4.0-1052.59
4.4.0-1054.61
4.4.0-1055.62
4.4.0-1057.64
4.4.0-1059.67
4.4.0-1061.69
4.4.0-1065.73
4.4.0-1067.75
4.4.0-1069.77
4.4.0-1070.78
4.4.0-1071.79
4.4.0-1074.82
4.4.0-1075.83
4.4.0-1076.84
4.4.0-1077.85
4.4.0-1079.87
4.4.0-1080.88
4.4.0-1082.90
4.4.0-1085.93
4.4.0-1086.94
4.4.0-1087.95
4.4.0-1089.97
4.4.0-1090.98
4.4.0-1091.99
4.4.0-1092.100
4.4.0-1094.102
4.4.0-1095.103
4.4.0-1096.104
4.4.0-1098.106
4.4.0-1099.107
4.4.0-1100.108
4.4.0-1101.109
4.4.0-1102.110
4.4.0-1103.111
4.4.0-1104.112
4.4.0-1106.114
4.4.0-1107.115
4.4.0-1109.117
4.4.0-1110.118
4.4.0-1111.120
4.4.0-1114.123
4.4.0-1117.126
4.4.0-1118.127
4.4.0-1120.129
4.4.0-1122.131
4.4.0-1123.132
4.4.0-1124.133
4.4.0-1125.134
4.4.0-1126.135
4.4.0-1127.136
4.4.0-1128.137
4.4.0-1129.138
4.4.0-1130.139
4.4.0-1131.140
4.4.0-1132.141
4.4.0-1133.142
4.4.0-1134.143
4.4.0-1135.144
4.4.0-1136.145
4.4.0-1137.146
4.4.0-1138.147
4.4.0-1139.148
4.4.0-1141.151
4.4.0-1142.152
4.4.0-1143.153
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "4.4.0-1145.155",
"binary_name": "linux-buildinfo-4.4.0-1145-raspi2"
},
{
"binary_version": "4.4.0-1145.155",
"binary_name": "linux-headers-4.4.0-1145-raspi2"
},
{
"binary_version": "4.4.0-1145.155",
"binary_name": "linux-image-4.4.0-1145-raspi2"
},
{
"binary_version": "4.4.0-1145.155",
"binary_name": "linux-image-4.4.0-1145-raspi2-dbgsym"
},
{
"binary_version": "4.4.0-1145.155",
"binary_name": "linux-modules-4.4.0-1145-raspi2"
},
{
"binary_version": "4.4.0-1145.155",
"binary_name": "linux-raspi2-headers-4.4.0-1145"
},
{
"binary_version": "4.4.0-1145.155",
"binary_name": "linux-raspi2-tools-4.4.0-1145"
},
{
"binary_version": "4.4.0-1145.155",
"binary_name": "linux-tools-4.4.0-1145-raspi2"
}
]
}
Ubuntu:16.04:LTS / linux-snapdragon
Package
- Name
- linux-snapdragon
- Purl
- pkg:deb/ubuntu/linux-snapdragon?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.4.0-1149.159
Affected versions
4.*
4.4.0-1012.12
4.4.0-1013.14
4.4.0-1013.15
4.4.0-1015.18
4.4.0-1019.22
4.4.0-1020.23
4.4.0-1022.25
4.4.0-1024.27
4.4.0-1026.29
4.4.0-1030.33
4.4.0-1032.36
4.4.0-1035.39
4.4.0-1039.43
4.4.0-1042.46
4.4.0-1044.48
4.4.0-1046.50
4.4.0-1047.51
4.4.0-1048.52
4.4.0-1050.54
4.4.0-1051.55
4.4.0-1053.57
4.4.0-1054.58
4.4.0-1055.59
4.4.0-1057.61
4.4.0-1058.62
4.4.0-1059.63
4.4.0-1061.66
4.4.0-1063.68
4.4.0-1067.72
4.4.0-1069.74
4.4.0-1071.76
4.4.0-1072.77
4.4.0-1073.78
4.4.0-1076.81
4.4.0-1077.82
4.4.0-1078.83
4.4.0-1079.84
4.4.0-1081.86
4.4.0-1082.87
4.4.0-1084.89
4.4.0-1087.92
4.4.0-1088.93
4.4.0-1090.95
4.4.0-1092.97
4.4.0-1093.98
4.4.0-1094.99
4.4.0-1095.100
4.4.0-1096.101
4.4.0-1098.103
4.4.0-1099.104
4.4.0-1100.105
4.4.0-1102.107
4.4.0-1103.108
4.4.0-1104.109
4.4.0-1105.110
4.4.0-1106.111
4.4.0-1107.112
4.4.0-1108.113
4.4.0-1110.115
4.4.0-1111.116
4.4.0-1113.118
4.4.0-1114.119
4.4.0-1115.121
4.4.0-1118.124
4.4.0-1121.127
4.4.0-1122.128
4.4.0-1124.130
4.4.0-1126.132
4.4.0-1127.135
4.4.0-1128.136
4.4.0-1129.137
4.4.0-1130.138
4.4.0-1131.139
4.4.0-1132.140
4.4.0-1133.141
4.4.0-1134.142
4.4.0-1135.143
4.4.0-1136.144
4.4.0-1137.145
4.4.0-1138.146
4.4.0-1139.147
4.4.0-1140.148
4.4.0-1141.149
4.4.0-1142.151
4.4.0-1143.152
4.4.0-1145.155
4.4.0-1146.156
4.4.0-1147.157
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "4.4.0-1149.159",
"binary_name": "linux-buildinfo-4.4.0-1149-snapdragon"
},
{
"binary_version": "4.4.0-1149.159",
"binary_name": "linux-headers-4.4.0-1149-snapdragon"
},
{
"binary_version": "4.4.0-1149.159",
"binary_name": "linux-image-4.4.0-1149-snapdragon"
},
{
"binary_version": "4.4.0-1149.159",
"binary_name": "linux-image-4.4.0-1149-snapdragon-dbgsym"
},
{
"binary_version": "4.4.0-1149.159",
"binary_name": "linux-modules-4.4.0-1149-snapdragon"
},
{
"binary_version": "4.4.0-1149.159",
"binary_name": "linux-snapdragon-headers-4.4.0-1149"
},
{
"binary_version": "4.4.0-1149.159",
"binary_name": "linux-snapdragon-tools-4.4.0-1149"
},
{
"binary_version": "4.4.0-1149.159",
"binary_name": "linux-tools-4.4.0-1149-snapdragon"
}
]
}