First published: Thu Sep 30 2021(Updated: )
It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the Linux kernel could report pointer addresses in some situations. An attacker could use this information to ease the exploitation of another vulnerability. (CVE-2021-38205)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/linux-image-4.15.0-1096-raspi2 | <4.15.0-1096.102 | 4.15.0-1096.102 |
=18.04 | ||
All of | ||
ubuntu/linux-image-raspi2 | <4.15.0.1096.94 | 4.15.0.1096.94 |
=18.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID is USN-5094-2.
The impact of USN-5094-2 is a use-after-free vulnerability in the Linux kernel KVM hypervisor implementation.
Users of Ubuntu 18.04 with the Linux kernel version 4.15.0-1096.102 or lower on Raspberry Pi are affected by USN-5094-2.
An attacker who can start and control a virtual machine can exploit USN-5094-2 to expose sensitive information or execute arbitrary code.
To fix USN-5094-2, update the Linux kernel to version 4.15.0-1096.102 or higher.