USN-4751-1: Linux kernel vulnerabilities
First published: Thu Feb 25 2021(Updated: )
It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-25656) Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-25668) Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669) Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2020-25704) Julien Grall discovered that the Xen dom0 event handler in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-27673) Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. An attacker in guest could possibly use this to cause a denial of service (dom0 crash). (CVE-2020-27675) Daniel Axtens discovered that PowerPC RTAS implementation in the Linux kernel did not properly restrict memory accesses in some situations. A privileged local attacker could use this to arbitrarily modify kernel memory, potentially bypassing kernel lockdown restrictions. (CVE-2020-27777) It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815) Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-27830, CVE-2020-28941) It was discovered that a use-after-free vulnerability existed in the infiniband hfi1 device driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2020-27835) It was discovered that an information leak existed in the syscall implementation in the Linux kernel on 32 bit systems. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28588) Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-28974) Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29568) Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29569) Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660) Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661) It was discovered that a race condition existed that caused the Linux kernel to not properly restrict exit signal delivery. A local attacker could possibly use this to send signals to arbitrary processes. (CVE-2020-35508)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-5.8.0-1016-raspi | <5.8.0-1016.19 | 5.8.0-1016.19 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1016-raspi-nolpae | <5.8.0-1016.19 | 5.8.0-1016.19 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1019-kvm | <5.8.0-1019.21 | 5.8.0-1019.21 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1021-oracle | <5.8.0-1021.22 | 5.8.0-1021.22 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1023-azure | <5.8.0-1023.25 | 5.8.0-1023.25 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1023-gcp | <5.8.0-1023.24 | 5.8.0-1023.24 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1024-aws | <5.8.0-1024.26 | 5.8.0-1024.26 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-44-generic | <5.8.0-44.50 | 5.8.0-44.50 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-44-generic-64k | <5.8.0-44.50 | 5.8.0-44.50 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-44-generic-lpae | <5.8.0-44.50 | 5.8.0-44.50 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-44-lowlatency | <5.8.0-44.50 | 5.8.0-44.50 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-aws | <5.8.0.1024.26 | 5.8.0.1024.26 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-azure | <5.8.0.1023.23 | 5.8.0.1023.23 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-gcp | <5.8.0.1023.23 | 5.8.0.1023.23 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-generic | <5.8.0.44.49 | 5.8.0.44.49 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-generic-64k | <5.8.0.44.49 | 5.8.0.44.49 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-generic-lpae | <5.8.0.44.49 | 5.8.0.44.49 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-gke | <5.8.0.1023.23 | 5.8.0.1023.23 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-kvm | <5.8.0.1019.21 | 5.8.0.1019.21 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-lowlatency | <5.8.0.44.49 | 5.8.0.44.49 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-oem-20.04 | <5.8.0.44.49 | 5.8.0.44.49 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-oracle | <5.8.0.1021.20 | 5.8.0.1021.20 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-raspi | <5.8.0.1016.19 | 5.8.0.1016.19 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-raspi-nolpae | <5.8.0.1016.19 | 5.8.0.1016.19 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-virtual | <5.8.0.44.49 | 5.8.0.44.49 |
| =20.10 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-44-generic | <5.8.0-44.50~20.04.1 | 5.8.0-44.50~20.04.1 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-44-generic-lpae | <5.8.0-44.50~20.04.1 | 5.8.0-44.50~20.04.1 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-44-lowlatency | <5.8.0-44.50~20.04.1 | 5.8.0-44.50~20.04.1 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-generic-64k-hwe-20.04 | <5.8.0.44.50~20.04.30 | 5.8.0.44.50~20.04.30 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-generic-hwe-20.04 | <5.8.0.44.50~20.04.30 | 5.8.0.44.50~20.04.30 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-generic-lpae-hwe-20.04 | <5.8.0.44.50~20.04.30 | 5.8.0.44.50~20.04.30 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency-hwe-20.04 | <5.8.0.44.50~20.04.30 | 5.8.0.44.50~20.04.30 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-virtual-hwe-20.04 | <5.8.0.44.50~20.04.30 | 5.8.0.44.50~20.04.30 |
| =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2020-25704
- https://ubuntu.com/security/CVE-2020-28588
- https://ubuntu.com/security/CVE-2020-29660
- https://ubuntu.com/security/CVE-2020-25656
- https://ubuntu.com/security/CVE-2020-35508
- https://ubuntu.com/security/CVE-2020-27675
- https://ubuntu.com/security/CVE-2020-27835
- https://ubuntu.com/security/CVE-2020-27673
- https://ubuntu.com/security/CVE-2020-28941
- https://ubuntu.com/security/CVE-2020-29569
- https://ubuntu.com/security/CVE-2020-29661
- https://ubuntu.com/security/CVE-2020-27830
- https://ubuntu.com/security/CVE-2020-29568
- https://ubuntu.com/security/CVE-2020-28974
- https://ubuntu.com/security/CVE-2020-27815
- https://ubuntu.com/security/CVE-2020-25668
- https://ubuntu.com/security/CVE-2020-27777
- https://ubuntu.com/security/CVE-2020-25669
- https://ubuntu.com/security/notices/USN-4679-1
- https://ubuntu.com/security/notices/USN-4710-1
- https://ubuntu.com/security/notices/USN-4711-1
- https://ubuntu.com/security/notices/USN-4752-1
- https://ubuntu.com/security/notices/USN-4750-1
- https://ubuntu.com/security/notices/USN-4748-1
- https://ubuntu.com/security/notices/USN-4749-1
- https://ubuntu.com/security/notices/USN-5130-1
- https://ubuntu.com/security/notices/LSN-0082-1
- https://ubuntu.com/security/notices/USN-4680-1
- https://ubuntu.com/security/notices/USN-4681-1
- https://ubuntu.com/security/notices/USN-4876-1
- https://ubuntu.com/security/notices/USN-4912-1
- https://ubuntu.com/security/notices/USN-4683-1
- https://ubuntu.com/security/notices/USN-4708-1
- https://ubuntu.com/security/notices/USN-4709-1
- https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1016.19
- https://launchpad.net/ubuntu/+source/linux-signed-kvm/5.8.0-1019.21
- https://launchpad.net/ubuntu/+source/linux-signed-oracle/5.8.0-1021.22
- https://launchpad.net/ubuntu/+source/linux-signed-azure/5.8.0-1023.25
- https://launchpad.net/ubuntu/+source/linux-signed-gcp/5.8.0-1023.24
- https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1024.26
- https://launchpad.net/ubuntu/+source/linux-signed/5.8.0-44.50
- https://launchpad.net/ubuntu/+source/linux/5.8.0-44.50
- https://launchpad.net/ubuntu/+source/linux-meta-aws/5.8.0.1024.26
- https://launchpad.net/ubuntu/+source/linux-meta-azure/5.8.0.1023.23
- https://launchpad.net/ubuntu/+source/linux-meta-gcp/5.8.0.1023.23
- https://launchpad.net/ubuntu/+source/linux-meta/5.8.0.44.49
- https://launchpad.net/ubuntu/+source/linux-meta-kvm/5.8.0.1019.21
- https://launchpad.net/ubuntu/+source/linux-meta-oracle/5.8.0.1021.20
- https://launchpad.net/ubuntu/+source/linux-meta-raspi/5.8.0.1016.19
- https://launchpad.net/ubuntu/+source/linux-signed-hwe-5.8/5.8.0-44.50~20.04.1
- https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-44.50~20.04.1
- https://launchpad.net/ubuntu/+source/linux-meta-hwe-5.8/5.8.0.44.50~20.04.30
- https://ubuntu.com/security/notices/USN-4751-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/usn
- source/Ubuntu
- anchor-related/USN-4679-1
- anchor-related/USN-4710-1
- anchor-related/USN-4711-1
- anchor-related/USN-4752-1
- anchor-related/USN-4750-1
- anchor-related/USN-4748-1
- anchor-related/USN-4749-1
- anchor-related/USN-5130-1
- anchor-related/USN-4680-1
- anchor-related/USN-4681-1
- anchor-related/USN-4876-1
- anchor-related/USN-4912-1
- anchor-related/USN-4683-1
- anchor-related/USN-4708-1
- anchor-related/USN-4709-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.10
- version/ubuntu ubuntu/20.04