USN-5605-1

Source
https://ubuntu.com/security/notices/USN-5605-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5605-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5605-1
Related
Published
2022-09-09T13:04:20.358583Z
Modified
2022-09-09T13:04:20.358583Z
Summary
linux-azure-fde vulnerabilities
Details

Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061)

It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656)

References

Affected packages

Ubuntu:20.04:LTS / linux-azure-fde

Package

Name
linux-azure-fde
Purl
pkg:deb/ubuntu/linux-azure-fde?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-1090.95+cvm1.1

Affected versions

5.*

5.4.0-1063.66+cvm2.2
5.4.0-1063.66+cvm3.2
5.4.0-1064.67+cvm1.1
5.4.0-1065.68+cvm2.1
5.4.0-1067.70+cvm1.1
5.4.0-1068.71+cvm1.1
5.4.0-1069.72+cvm1.1
5.4.0-1070.73+cvm1.1
5.4.0-1072.75+cvm1.1
5.4.0-1073.76+cvm1.1
5.4.0-1074.77+cvm1.1
5.4.0-1076.79+cvm1.1
5.4.0-1078.81+cvm1.1
5.4.0-1080.83+cvm1.1
5.4.0-1083.87+cvm1.1
5.4.0-1085.90+cvm1.1
5.4.0-1085.90+cvm2.1
5.4.0-1086.91+cvm1.1
5.4.0-1089.94+cvm1.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "5.4.0-1090.95+cvm1.1",
            "binary_name": "linux-image-unsigned-5.4.0-1090-azure-fde"
        },
        {
            "binary_version": "5.4.0-1090.95+cvm1.1",
            "binary_name": "linux-image-unsigned-5.4.0-1090-azure-fde-dbgsym"
        }
    ]
}