USN-5218-1: Linux kernel (OEM) vulnerabilities
First published: Tue Jan 11 2022(Updated: )
Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4204) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track if a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash). (CVE-2021-43056) It was discovered that the TIPC Protocol implementation in the Linux kernel did not properly validate MSG_CRYPTO messages in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43267) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-oem-20.04c | <5.13.0.1026.29 | 5.13.0.1026.29 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-5.13.0-1026-oem | <5.13.0-1026.32 | 5.13.0-1026.32 |
| =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2021-41864
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-43267
- https://ubuntu.com/security/CVE-2021-43056
- https://ubuntu.com/security/CVE-2021-20321
- https://ubuntu.com/security/CVE-2021-43389
- https://ubuntu.com/security/CVE-2021-3760
- https://ubuntu.com/security/CVE-2021-4204
- https://launchpad.net/bugs/1956585
- https://ubuntu.com/security/notices/USN-5139-1
- https://ubuntu.com/security/notices/USN-5140-1
- https://ubuntu.com/security/notices/USN-5208-1
- https://ubuntu.com/security/notices/USN-5209-1
- https://ubuntu.com/security/notices/USN-5210-1
- https://ubuntu.com/security/notices/USN-5206-1
- https://ubuntu.com/security/notices/USN-5207-1
- https://ubuntu.com/security/notices/USN-5211-1
- https://ubuntu.com/security/notices/LSN-0083-1
- https://ubuntu.com/security/notices/USN-5165-1
- https://ubuntu.com/security/notices/USN-6221-1
- https://ubuntu.com/security/notices/USN-5343-1
- https://ubuntu.com/security/notices/USN-5505-1
- https://ubuntu.com/security/notices/USN-5513-1
- https://ubuntu.com/security/notices/USN-5217-1
- https://ubuntu.com/security/notices/USN-5219-1
- https://launchpad.net/ubuntu/+source/linux-meta-oem-5.13/5.13.0.1026.29
- https://launchpad.net/ubuntu/+source/linux-signed-oem-5.13/5.13.0-1026.32
- https://ubuntu.com/security/notices/USN-5218-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is CVE-2021-4002.
What is the severity of CVE-2021-4002?
The severity of CVE-2021-4002 is not mentioned in the advisory.
How can a local attacker exploit CVE-2021-4002?
A local attacker can exploit CVE-2021-4002 to leak or alter data from other processes that use huge pages.
What is the remedy for CVE-2021-4002?
The remedy for CVE-2021-4002 is to update to version 5.13.0.1026.29 of the linux-image-oem-20.04c package.
Are there any additional references for CVE-2021-4002?
Yes, you can find additional references for CVE-2021-4002 at the following URLs: [link 1](https://ubuntu.com/security/CVE-2021-41864), [link 2](https://ubuntu.com/security/CVE-2021-4002), [link 3](https://ubuntu.com/security/CVE-2021-43267).
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/usn
- source/Ubuntu
- anchor-related/USN-5139-1
- anchor-related/USN-5140-1
- anchor-related/USN-5208-1
- anchor-related/USN-5209-1
- anchor-related/USN-5210-1
- anchor-related/USN-5206-1
- anchor-related/USN-5207-1
- anchor-related/USN-5211-1
- anchor-related/USN-5165-1
- anchor-related/USN-6221-1
- anchor-related/USN-5343-1
- anchor-related/USN-5505-1
- anchor-related/USN-5513-1
- anchor-related/USN-5217-1
- anchor-related/USN-5219-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04