What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is USN-5073-3.

What is the severity of USN-5073-3?

The severity of USN-5073-3 is not mentioned in the provided information.

What is the affected software?

The affected software is the Linux kernel on Raspberry Pi. Specifically, the version linux-image-4.15.0-1095-raspi2 (up to exclusive version 4.15.0-1095.101) for Ubuntu 18.04 and linux-image-raspi2 (up to exclusive version 4.15.0.1095.93) for Ubuntu 18.04.

What is the risk associated with the vulnerability?

The risk associated with the vulnerability is the exposure of sensitive information (kernel memory) through the CAN broadcast manager (bcm) protocol implementation in the Linux kernel.

How can I fix USN-5073-3?

To fix USN-5073-3, update the affected Linux kernel packages to version linux-image-4.15.0-1095-raspi2 (4.15.0-1095.101) for Ubuntu 18.04 or linux-image-raspi2 (4.15.0.1095.93) for Ubuntu 18.04.

Vulnerability/
USN-5073-3

22/9/2021

USN-5073-3: Linux kernel (Raspberry Pi) vulnerabilities

First published: Wed Sep 22 2021(Updated: )

Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-4.15.0-1095-raspi2	<4.15.0-1095.101	4.15.0-1095.101
	=18.04
All of
ubuntu/linux-image-raspi2	<4.15.0.1095.93	4.15.0.1095.93
	=18.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-5073-3.
What is the severity of USN-5073-3?
The severity of USN-5073-3 is not mentioned in the provided information.
What is the affected software?
The affected software is the Linux kernel on Raspberry Pi. Specifically, the version linux-image-4.15.0-1095-raspi2 (up to exclusive version 4.15.0-1095.101) for Ubuntu 18.04 and linux-image-raspi2 (up to exclusive version 4.15.0.1095.93) for Ubuntu 18.04.
What is the risk associated with the vulnerability?
The risk associated with the vulnerability is the exposure of sensitive information (kernel memory) through the CAN broadcast manager (bcm) protocol implementation in the Linux kernel.
How can I fix USN-5073-3?
To fix USN-5073-3, update the affected Linux kernel packages to version linux-image-4.15.0-1095-raspi2 (4.15.0-1095.101) for Ubuntu 18.04 or linux-image-raspi2 (4.15.0.1095.93) for Ubuntu 18.04.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
anchor-related/USN-5073-1
anchor-related/USN-5073-2
anchor-related/USN-5091-1
anchor-related/USN-5092-1
anchor-related/USN-5092-2
anchor-related/USN-5096-1
anchor-related/USN-5091-2
anchor-related/USN-5106-1
anchor-related/USN-5343-1
anchor-related/USN-5045-1
anchor-related/USN-5070-1
anchor-related/USN-5299-1
anchor-related/USN-5071-1
anchor-related/USN-5071-2
anchor-related/USN-5071-3
anchor-related/USN-5120-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/18.04