USN-4580-1: Linux kernel vulnerability
First published: Wed Oct 14 2020(Updated: )
Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-server | <3.13.0.182.191 | 3.13.0.182.191 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-generic-pae | <3.13.0.182.191 | 3.13.0.182.191 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency-pae | <3.13.0.182.191 | 3.13.0.182.191 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-virtual | <3.13.0.182.191 | 3.13.0.182.191 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-omap | <3.13.0.182.191 | 3.13.0.182.191 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-generic | <3.13.0.182.191 | 3.13.0.182.191 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-3.13.0-182-generic | <3.13.0-182.233 | 3.13.0-182.233 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-highbank | <3.13.0.182.191 | 3.13.0.182.191 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-3.13.0-182-generic-lpae | <3.13.0-182.233 | 3.13.0-182.233 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-3.13.0-182-lowlatency | <3.13.0-182.233 | 3.13.0-182.233 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-generic-lpae | <3.13.0.182.191 | 3.13.0.182.191 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency | <3.13.0.182.191 | 3.13.0.182.191 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-3.2.0-149-virtual | <3.2.0-149.196 | 3.2.0-149.196 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-3.13.0-182-lowlatency | <3.13.0-182.233~12.04.1 | 3.13.0-182.233~12.04.1 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-3.2.0-149-omap | <3.2.0-149.196 | 3.2.0-149.196 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-generic | <3.2.0.149.163 | 3.2.0.149.163 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-3.13.0-182-generic | <3.13.0-182.233~12.04.1 | 3.13.0-182.233~12.04.1 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-highbank | <3.2.0.149.163 | 3.2.0.149.163 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-server | <3.2.0.149.163 | 3.2.0.149.163 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-generic-lpae-lts-trusty | <3.13.0.182.168 | 3.13.0.182.168 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-virtual | <3.2.0.149.163 | 3.2.0.149.163 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-generic-lts-trusty | <3.13.0.182.168 | 3.13.0.182.168 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-generic-pae | <3.2.0.149.163 | 3.2.0.149.163 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-3.13.0-182-generic-lpae | <3.13.0-182.233~12.04.1 | 3.13.0-182.233~12.04.1 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-3.2.0-149-generic-pae | <3.2.0-149.196 | 3.2.0-149.196 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-3.2.0-149-highbank | <3.2.0-149.196 | 3.2.0-149.196 |
| =12.04 | ||
| All of | ||
| ubuntu/linux-image-3.2.0-149-generic | <3.2.0-149.196 | 3.2.0-149.196 |
| =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2020-16119
- https://ubuntu.com/security/notices/USN-4576-1
- https://ubuntu.com/security/notices/USN-4577-1
- https://ubuntu.com/security/notices/USN-4578-1
- https://ubuntu.com/security/notices/USN-4579-1
- https://ubuntu.com/security/notices/LSN-0072-1
- https://launchpad.net/ubuntu/+source/linux/3.13.0-182.233
- https://launchpad.net/ubuntu/+source/linux/3.2.0-149.196
- https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-182.233~12.04.1
- https://ubuntu.com/security/notices/USN-4580-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this Linux kernel vulnerability?
The vulnerability ID for this Linux kernel vulnerability is USN-4580-1.
What is the impact of this vulnerability?
This vulnerability can allow a local attacker to cause a denial of service or possibly execute arbitrary code.
Which versions of Ubuntu are affected by this vulnerability?
Ubuntu 14.04, Ubuntu 12.04, and possibly others are affected by this vulnerability.
What is the recommended remedy for this vulnerability?
Updating the Linux kernel to version 3.13.0.182.191 or higher is recommended to fix this vulnerability.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following references: [Reference 1](https://ubuntu.com/security/CVE-2020-16119), [Reference 2](https://ubuntu.com/security/notices/USN-4576-1), [Reference 3](https://ubuntu.com/security/notices/USN-4577-1).
- agent/references
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- anchor-related/USN-4576-1
- anchor-related/USN-4577-1
- anchor-related/USN-4578-1
- anchor-related/USN-4579-1
- agent/software-canonical-lookup
- agent/event
- agent/title
- agent/tags
- agent/description
- agent/weakness
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/14.04
- version/ubuntu ubuntu/12.04