USN-4916-2

Source
https://ubuntu.com/security/notices/USN-4916-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4916-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4916-2
Published
2021-04-22T03:59:34.014819Z
Modified
2021-04-22T03:59:34.014819Z
Summary
linux, linux-aws, linux-gke-5.3, linux-hwe, linux-kvm, linux-lts-xenial, linux-oem-5.6, linux-raspi2, linux-raspi2-5.3, linux-snapdragon regression
Details

USN-4916-1 fixed vulnerabilities in the Linux kernel. Unfortunately, the fix for CVE-2021-3493 introduced a memory leak in some situations. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493)

Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29154)

Affected packages

Ubuntu:18.04:LTS / linux-hwe

Package

Name
linux-hwe

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.0-74.70

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-gkeop-5.3": "5.3.0.74.131",
            "linux-image-5.3.0-74-lowlatency": "5.3.0-74.70",
            "linux-image-5.3.0-74-generic": "5.3.0-74.70"
        }
    ]
}

Ubuntu:18.04:LTS / linux-gke-5.3

Package

Name
linux-gke-5.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.0-1043.46

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-gke-5.3": "5.3.0.1043.26",
            "linux-image-5.3.0-1043-gke": "5.3.0-1043.46"
        }
    ]
}

Ubuntu:18.04:LTS / linux-raspi2-5.3

Package

Name
linux-raspi2-5.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.0-1040.42

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-raspi2-hwe-18.04": "5.3.0.1040.29",
            "linux-image-5.3.0-1040-raspi2": "5.3.0-1040.42"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / linux-lts-xenial

Package

Name
linux-lts-xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-210.242~14.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "linux-image-powerpc64-smp-lts-xenial": "4.4.0.210.183",
            "linux-image-virtual-lts-xenial": "4.4.0.210.183",
            "linux-image-4.4.0-210-powerpc64-smp": "4.4.0-210.242~14.04.1",
            "linux-image-4.4.0-210-lowlatency": "4.4.0-210.242~14.04.1",
            "linux-image-lowlatency-lts-xenial": "4.4.0.210.183",
            "linux-image-4.4.0-210-powerpc64-emb": "4.4.0-210.242~14.04.1",
            "linux-image-4.4.0-210-powerpc-e500mc": "4.4.0-210.242~14.04.1",
            "linux-image-powerpc64-emb-lts-xenial": "4.4.0.210.183",
            "linux-image-4.4.0-210-powerpc-smp": "4.4.0-210.242~14.04.1",
            "linux-image-4.4.0-210-generic-lpae": "4.4.0-210.242~14.04.1",
            "linux-image-powerpc-smp-lts-xenial": "4.4.0.210.183",
            "linux-image-powerpc-e500mc-lts-xenial": "4.4.0.210.183",
            "linux-image-4.4.0-210-generic": "4.4.0-210.242~14.04.1",
            "linux-image-generic-lpae-lts-xenial": "4.4.0.210.183",
            "linux-image-generic-lts-xenial": "4.4.0.210.183"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / linux-aws

Package

Name
linux-aws

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1092.96

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "linux-image-4.4.0-1092-aws": "4.4.0-1092.96",
            "linux-image-aws": "4.4.0.1092.89"
        }
    ]
}

Ubuntu:20.04:LTS / linux-oem-5.6

Package

Name
linux-oem-5.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.6.0-1055.59

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-oem-20.04": "5.6.0.1055.51",
            "linux-image-5.6.0-1055-oem": "5.6.0-1055.59"
        }
    ]
}

Ubuntu:16.04:LTS / linux-raspi2

Package

Name
linux-raspi2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1152.163

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1152-raspi2": "4.4.0-1152.163",
            "linux-image-raspi2": "4.4.0.1152.152"
        }
    ]
}

Ubuntu:16.04:LTS / linux

Package

Name
linux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-210.242

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-lowlatency-lts-vivid": "4.4.0.210.216",
            "linux-image-virtual-lts-vivid": "4.4.0.210.216",
            "linux-image-powerpc64-emb": "4.4.0.210.216",
            "linux-image-lowlatency-lts-wily": "4.4.0.210.216",
            "linux-image-powerpc-e500mc-lts-utopic": "4.4.0.210.216",
            "linux-image-powerpc-smp-lts-wily": "4.4.0.210.216",
            "linux-image-generic-lpae-lts-vivid": "4.4.0.210.216",
            "linux-image-virtual-lts-utopic": "4.4.0.210.216",
            "linux-image-powerpc64-smp-lts-xenial": "4.4.0.210.216",
            "linux-image-4.4.0-210-powerpc64-smp": "4.4.0-210.242",
            "linux-image-powerpc64-smp-lts-wily": "4.4.0.210.216",
            "linux-image-4.4.0-210-lowlatency": "4.4.0-210.242",
            "linux-image-powerpc64-emb-lts-utopic": "4.4.0.210.216",
            "linux-image-powerpc-smp-lts-utopic": "4.4.0.210.216",
            "linux-image-powerpc-e500mc-lts-wily": "4.4.0.210.216",
            "linux-image-powerpc-smp-lts-vivid": "4.4.0.210.216",
            "linux-image-powerpc64-emb-lts-vivid": "4.4.0.210.216",
            "linux-image-virtual-lts-xenial": "4.4.0.210.216",
            "linux-image-powerpc64-smp": "4.4.0.210.216",
            "linux-image-generic-lts-xenial": "4.4.0.210.216",
            "linux-image-lowlatency": "4.4.0.210.216",
            "linux-image-4.4.0-210-powerpc-smp": "4.4.0-210.242",
            "linux-image-powerpc64-smp-lts-vivid": "4.4.0.210.216",
            "linux-image-powerpc-smp-lts-xenial": "4.4.0.210.216",
            "linux-image-virtual": "4.4.0.210.216",
            "linux-image-4.4.0-210-generic": "4.4.0-210.242",
            "linux-image-powerpc64-emb-lts-wily": "4.4.0.210.216",
            "linux-image-generic-lts-utopic": "4.4.0.210.216",
            "linux-image-generic-lts-vivid": "4.4.0.210.216",
            "linux-image-powerpc64-smp-lts-utopic": "4.4.0.210.216",
            "linux-image-powerpc-e500mc": "4.4.0.210.216",
            "linux-image-powerpc-e500mc-lts-vivid": "4.4.0.210.216",
            "linux-image-generic-lpae-lts-utopic": "4.4.0.210.216",
            "linux-image-generic-lpae-lts-xenial": "4.4.0.210.216",
            "linux-image-powerpc-e500mc-lts-xenial": "4.4.0.210.216",
            "linux-image-virtual-lts-wily": "4.4.0.210.216",
            "linux-image-lowlatency-lts-xenial": "4.4.0.210.216",
            "linux-image-generic-lpae-lts-wily": "4.4.0.210.216",
            "linux-image-4.4.0-210-powerpc64-emb": "4.4.0-210.242",
            "linux-image-4.4.0-210-powerpc-e500mc": "4.4.0-210.242",
            "linux-image-powerpc64-emb-lts-xenial": "4.4.0.210.216",
            "linux-image-generic": "4.4.0.210.216",
            "linux-image-4.4.0-210-generic-lpae": "4.4.0-210.242",
            "linux-image-powerpc-smp": "4.4.0.210.216",
            "linux-image-lowlatency-lts-utopic": "4.4.0.210.216",
            "linux-image-generic-lts-wily": "4.4.0.210.216",
            "linux-image-generic-lpae": "4.4.0.210.216"
        }
    ]
}

Ubuntu:16.04:LTS / linux-kvm

Package

Name
linux-kvm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1093.102

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1093-kvm": "4.4.0-1093.102",
            "linux-image-kvm": "4.4.0.1093.91"
        }
    ]
}

Ubuntu:16.04:LTS / linux-snapdragon

Package

Name
linux-snapdragon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1156.166

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1156-snapdragon": "4.4.0-1156.166",
            "linux-image-snapdragon": "4.4.0.1156.148"
        }
    ]
}

Ubuntu:16.04:LTS / linux-aws

Package

Name
linux-aws

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1128.142

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-aws": "4.4.0.1128.133",
            "linux-image-4.4.0-1128-aws": "4.4.0-1128.142"
        }
    ]
}