USN-4577-1

Source
https://ubuntu.com/security/notices/USN-4577-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4577-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4577-1
Related
  • CVE-2020-16119
  • CVE-2020-16120
Published
2020-10-14T02:28:30.838263Z
Modified
2020-10-14T02:28:30.838263Z
Summary
linux-hwe, linux-gke-5.0, linux-gke-5.3, linux-oem-osp1, linux-raspi2-5.3 vulnerabilities
Details

Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119)

Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. (CVE-2020-16120)

Affected packages

Ubuntu:18.04:LTS / linux-hwe

Package

Name
linux-hwe

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.0-68.63

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-gkeop-5.3": "5.3.0.68.125",
            "linux-image-5.3.0-68-generic": "5.3.0-68.63",
            "linux-image-5.3.0-68-lowlatency": "5.3.0-68.63"
        }
    ]
}

Ubuntu:18.04:LTS / linux-gke-5.3

Package

Name
linux-gke-5.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.0-1038.40

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-5.3.0-1038-gke": "5.3.0-1038.40",
            "linux-image-gke-5.3": "5.3.0.1038.21"
        }
    ]
}

Ubuntu:18.04:LTS / linux-gke-5.0

Package

Name
linux-gke-5.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.0.0-1049.50

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-5.0.0-1049-gke": "5.0.0-1049.50",
            "linux-image-gke-5.0": "5.0.0.1049.33"
        }
    ]
}

Ubuntu:18.04:LTS / linux-oem-osp1

Package

Name
linux-oem-osp1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.0.0-1069.75

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-5.0.0-1069-oem-osp1": "5.0.0-1069.75",
            "linux-image-oem-osp1": "5.0.0.1069.67"
        }
    ]
}

Ubuntu:18.04:LTS / linux-raspi2-5.3

Package

Name
linux-raspi2-5.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.0-1035.37

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-raspi2-hwe-18.04": "5.3.0.1035.24",
            "linux-image-5.3.0-1035-raspi2": "5.3.0-1035.37"
        }
    ]
}