USN-4749-1

Source
https://ubuntu.com/security/notices/USN-4749-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4749-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4749-1
Published
2021-02-25T07:05:21.132948Z
Modified
2021-02-25T07:05:21.132948Z
Summary
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
Details

Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669)

It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815)

Shisong Qin and Bodong Zhao discovered that the Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-27830, CVE-2020-28941)

It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. (CVE-2020-29374)

Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29568)

Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition in the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29569)

Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660)

Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)

Affected packages

Ubuntu:Pro:14.04:LTS / linux-azure

Package

Name
linux-azure

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1108.120~14.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "linux-image-azure": "4.15.0.1108.81",
            "linux-image-4.15.0-1108-azure": "4.15.0-1108.120~14.04.1"
        }
    ]
}

Ubuntu:18.04:LTS / linux-gcp-4.15

Package

Name
linux-gcp-4.15

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1093.106

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1093-gcp": "4.15.0-1093.106",
            "linux-image-gcp-lts-18.04": "4.15.0.1093.111"
        }
    ]
}

Ubuntu:18.04:LTS / linux-dell300x

Package

Name
linux-dell300x

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1012.16

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1012-dell300x": "4.15.0-1012.16",
            "linux-image-dell300x": "4.15.0.1012.14"
        }
    ]
}

Ubuntu:18.04:LTS / linux-kvm

Package

Name
linux-kvm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1085.87

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1085-kvm": "4.15.0-1085.87",
            "linux-image-kvm": "4.15.0.1085.81"
        }
    ]
}

Ubuntu:18.04:LTS / linux-snapdragon

Package

Name
linux-snapdragon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1096.105

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1096-snapdragon": "4.15.0-1096.105",
            "linux-image-snapdragon": "4.15.0.1096.99"
        }
    ]
}

Ubuntu:18.04:LTS / linux-aws

Package

Name
linux-aws

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1094.101

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1094-aws": "4.15.0-1094.101",
            "linux-image-aws-lts-18.04": "4.15.0.1094.97"
        }
    ]
}

Ubuntu:18.04:LTS / linux-raspi2

Package

Name
linux-raspi2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1079.84

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-raspi2": "4.15.0.1079.76",
            "linux-image-4.15.0-1079-raspi2": "4.15.0-1079.84"
        }
    ]
}

Ubuntu:18.04:LTS / linux-oracle

Package

Name
linux-oracle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1065.73

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1065-oracle": "4.15.0-1065.73",
            "linux-image-oracle-lts-18.04": "4.15.0.1065.75"
        }
    ]
}

Ubuntu:18.04:LTS / linux

Package

Name
linux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-136.140

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-lowlatency-hwe-16.04": "4.15.0.136.123",
            "linux-image-4.15.0-136-generic-lpae": "4.15.0-136.140",
            "linux-image-4.15.0-136-lowlatency": "4.15.0-136.140",
            "linux-image-virtual-hwe-16.04-edge": "4.15.0.136.123",
            "linux-image-generic-hwe-16.04": "4.15.0.136.123",
            "linux-image-generic-lpae-hwe-16.04": "4.15.0.136.123",
            "linux-image-4.15.0-136-generic": "4.15.0-136.140",
            "linux-image-lowlatency": "4.15.0.136.123",
            "linux-image-generic": "4.15.0.136.123",
            "linux-image-lowlatency-hwe-16.04-edge": "4.15.0.136.123",
            "linux-image-generic-lpae-hwe-16.04-edge": "4.15.0.136.123",
            "linux-image-virtual": "4.15.0.136.123",
            "linux-image-generic-hwe-16.04-edge": "4.15.0.136.123",
            "linux-image-generic-lpae": "4.15.0.136.123",
            "linux-image-virtual-hwe-16.04": "4.15.0.136.123"
        }
    ]
}

Ubuntu:18.04:LTS / linux-gke-4.15

Package

Name
linux-gke-4.15

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1079.84

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1079-gke": "4.15.0-1079.84",
            "linux-image-gke-4.15": "4.15.0.1079.83",
            "linux-image-gke": "4.15.0.1079.83"
        }
    ]
}

Ubuntu:18.04:LTS / linux-azure-4.15

Package

Name
linux-azure-4.15

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1108.120

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-azure-lts-18.04": "4.15.0.1108.81",
            "linux-image-4.15.0-1108-azure": "4.15.0-1108.120"
        }
    ]
}

Ubuntu:16.04:LTS / linux-aws-hwe

Package

Name
linux-aws-hwe

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1094.101~16.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-aws-hwe": "4.15.0.1094.87",
            "linux-image-4.15.0-1094-aws": "4.15.0-1094.101~16.04.1"
        }
    ]
}

Ubuntu:16.04:LTS / linux-hwe

Package

Name
linux-hwe

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-136.140~16.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-136-lowlatency": "4.15.0-136.140~16.04.1",
            "linux-image-lowlatency-hwe-16.04": "4.15.0.136.132",
            "linux-image-virtual-hwe-16.04-edge": "4.15.0.136.132",
            "linux-image-generic-hwe-16.04": "4.15.0.136.132",
            "linux-image-generic-lpae-hwe-16.04": "4.15.0.136.132",
            "linux-image-4.15.0-136-generic": "4.15.0-136.140~16.04.1",
            "linux-image-generic-lpae-hwe-16.04-edge": "4.15.0.136.132",
            "linux-image-4.15.0-136-generic-lpae": "4.15.0-136.140~16.04.1",
            "linux-image-lowlatency-hwe-16.04-edge": "4.15.0.136.132",
            "linux-image-generic-hwe-16.04-edge": "4.15.0.136.132",
            "linux-image-oem": "4.15.0.136.132",
            "linux-image-virtual-hwe-16.04": "4.15.0.136.132"
        }
    ]
}

Ubuntu:16.04:LTS / linux-gcp

Package

Name
linux-gcp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1093.106~16.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1093-gcp": "4.15.0-1093.106~16.04.1",
            "linux-image-gke": "4.15.0.1093.94",
            "linux-image-gcp": "4.15.0.1093.94"
        }
    ]
}

Ubuntu:16.04:LTS / linux-oracle

Package

Name
linux-oracle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1065.73~16.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.15.0-1065-oracle": "4.15.0-1065.73~16.04.1",
            "linux-image-oracle": "4.15.0.1065.53"
        }
    ]
}

Ubuntu:16.04:LTS / linux-azure

Package

Name
linux-azure

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.0-1108.120~16.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-azure": "4.15.0.1108.99",
            "linux-image-azure-edge": "4.15.0.1108.99",
            "linux-image-4.15.0-1108-azure": "4.15.0-1108.120~16.04.1"
        }
    ]
}