USN-5094-2

Source
https://ubuntu.com/security/notices/USN-5094-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5094-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5094-2
Published
2021-09-30T17:04:00.181231Z
Modified
2021-09-30T17:04:00.181231Z
Summary
linux-raspi2 vulnerabilities
Details

It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543)

It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679)

Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732)

It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204)

It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the Linux kernel could report pointer addresses in some situations. An attacker could use this information to ease the exploitation of another vulnerability. (CVE-2021-38205)

Affected packages

Ubuntu:18.04:LTS / linux-raspi2

Package

Name
linux-raspi2
Purl
pkg:deb/ubuntu/linux-raspi2?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1096.102

Affected versions

4.*

4.13.0-1005.5
4.13.0-1006.6
4.13.0-1008.8
4.15.0-1006.7
4.15.0-1009.10
4.15.0-1010.11
4.15.0-1011.12
4.15.0-1012.13
4.15.0-1013.14
4.15.0-1017.18
4.15.0-1018.19
4.15.0-1020.22
4.15.0-1021.23
4.15.0-1022.24
4.15.0-1024.26
4.15.0-1026.28
4.15.0-1027.29
4.15.0-1028.30
4.15.0-1029.31
4.15.0-1030.32
4.15.0-1031.33
4.15.0-1032.34
4.15.0-1033.35
4.15.0-1034.36
4.15.0-1036.38
4.15.0-1037.39
4.15.0-1038.40
4.15.0-1040.43
4.15.0-1041.44
4.15.0-1043.46
4.15.0-1044.47
4.15.0-1045.49
4.15.0-1047.51
4.15.0-1048.52
4.15.0-1049.53
4.15.0-1050.54
4.15.0-1052.56
4.15.0-1053.57
4.15.0-1054.58
4.15.0-1055.59
4.15.0-1057.61
4.15.0-1060.64
4.15.0-1061.65
4.15.0-1062.66
4.15.0-1063.67
4.15.0-1065.69
4.15.0-1067.71
4.15.0-1068.72
4.15.0-1070.74
4.15.0-1071.75
4.15.0-1073.78
4.15.0-1074.79
4.15.0-1076.81
4.15.0-1077.82
4.15.0-1078.83
4.15.0-1079.84
4.15.0-1080.85
4.15.0-1081.86
4.15.0-1082.87
4.15.0-1083.88
4.15.0-1084.89
4.15.0-1085.90
4.15.0-1086.91
4.15.0-1089.94
4.15.0-1092.98
4.15.0-1093.99
4.15.0-1094.100
4.15.0-1095.101

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "4.15.0-1096.102",
            "binary_name": "linux-buildinfo-4.15.0-1096-raspi2"
        },
        {
            "binary_version": "4.15.0-1096.102",
            "binary_name": "linux-headers-4.15.0-1096-raspi2"
        },
        {
            "binary_version": "4.15.0-1096.102",
            "binary_name": "linux-image-4.15.0-1096-raspi2"
        },
        {
            "binary_version": "4.15.0-1096.102",
            "binary_name": "linux-image-4.15.0-1096-raspi2-dbgsym"
        },
        {
            "binary_version": "4.15.0-1096.102",
            "binary_name": "linux-modules-4.15.0-1096-raspi2"
        },
        {
            "binary_version": "4.15.0-1096.102",
            "binary_name": "linux-raspi2-headers-4.15.0-1096"
        },
        {
            "binary_version": "4.15.0-1096.102",
            "binary_name": "linux-raspi2-tools-4.15.0-1096"
        },
        {
            "binary_version": "4.15.0-1096.102",
            "binary_name": "linux-tools-4.15.0-1096-raspi2"
        }
    ]
}