First published: Wed Sep 22 2021
Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693)
Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612)
It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160)
Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/linux-image-4.15.0-1095-raspi2 | =18.04 | <4.15.0-1095.101 | 4.15.0-1095.101 |
ubuntu/linux-image-raspi2 | =18.04 | <4.15.0.1095.93 | 4.15.0.1095.93 |
The vulnerability ID for this advisory is USN-5073-3.
The severity of USN-5073-3 is not mentioned in the provided information.
The affected software is the Linux kernel for Raspberry Pi on Ubuntu 18.04: linux-image-4.15.0-1095-raspi2 in versions before 4.15.0-1095.101, and linux-image-raspi2 in versions before 4.15.0.1095.93.
The risks associated with this advisory are exposure of sensitive information (kernel memory) through the CAN broadcast manager (bcm) protocol implementation, a denial of service (system crash) or possible arbitrary code execution through the joystick device interface, and a possible denial of service (system crash) through the Virtio console implementation.
To fix USN-5073-3 on Ubuntu 18.04, update the affected Linux kernel packages: linux-image-4.15.0-1095-raspi2 to version 4.15.0-1095.101, or linux-image-raspi2 to version 4.15.0.1095.93.
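One way to check whether a host still carries a package version below the fixed ones, as an added example that is not part of the advisory. The function names are hypothetical; the package names and fixed versions are taken from the table above.

```shell
#!/bin/sh
# Added example: fixed versions copied from the advisory table (Ubuntu 18.04).
fixed_version() {
    case "$1" in
        linux-image-4.15.0-1095-raspi2) echo "4.15.0-1095.101" ;;
        linux-image-raspi2)             echo "4.15.0.1095.93" ;;
        *) return 1 ;;
    esac
}

# version_lt A B: succeeds when version A sorts strictly before version B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        # Fallback: sort -V agrees with dpkg for these plain numeric versions.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# usn_status PACKAGE INSTALLED_VERSION
# Prints one of: vulnerable | patched | not-installed | not-covered
usn_status() {
    fixed=$(fixed_version "$1") || { echo "not-covered"; return 0; }
    [ -n "$2" ] || { echo "not-installed"; return 0; }
    if version_lt "$2" "$fixed"; then echo "vulnerable"; else echo "patched"; fi
}

# check_host: look up both packages in the local dpkg database.
check_host() {
    for pkg in linux-image-4.15.0-1095-raspi2 linux-image-raspi2; do
        ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || ver=""
        printf '%s %s %s\n' "$pkg" "${ver:-none}" "$(usn_status "$pkg" "$ver")"
    done
    # An updated package only takes effect after rebooting into the new
    # kernel, so the running release is printed for comparison.
    printf 'running kernel: %s\n' "$(uname -r)"
}

if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run the script with `--check` on the Ubuntu 18.04 host to report both packages; a `patched` result with an older running kernel release means the machine has not yet been rebooted into the fixed kernel.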