USN-5299-1: Linux kernel vulnerabilities
First published: Tue Feb 22 2022(Updated: )
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) 马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3483) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-42008) Amit Klein discovered that the IPv6 implementation in the Linux kernel could disclose internal state in some situations. An attacker could possibly use this to expose sensitive information. (CVE-2021-45485)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-virtual | <4.4.0.219.226 | 4.4.0.219.226 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-generic | <4.4.0.219.226 | 4.4.0.219.226 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-aws | <4.4.0.1135.140 | 4.4.0.1135.140 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-219-lowlatency | <4.4.0-219.252 | 4.4.0-219.252 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-1100-kvm | <4.4.0-1100.109 | 4.4.0-1100.109 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-1135-aws | <4.4.0-1135.149 | 4.4.0-1135.149 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-219-generic | <4.4.0-219.252 | 4.4.0-219.252 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-kvm | <4.4.0.1100.98 | 4.4.0.1100.98 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency | <4.4.0.219.226 | 4.4.0.219.226 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-generic-lts-xenial | <4.4.0.219.190 | 4.4.0.219.190 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-1099-aws | <4.4.0-1099.104 | 4.4.0-1099.104 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-219-lowlatency | <4.4.0-219.252~14.04.1 | 4.4.0-219.252~14.04.1 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-219-generic | <4.4.0-219.252~14.04.1 | 4.4.0-219.252~14.04.1 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-aws | <4.4.0.1099.97 | 4.4.0.1099.97 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency-lts-xenial | <4.4.0.219.190 | 4.4.0.219.190 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-virtual-lts-xenial | <4.4.0.219.190 | 4.4.0.219.190 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2021-3612
- https://ubuntu.com/security/notices/USN-4989-1
- https://ubuntu.com/security/notices/USN-4989-2
- https://ubuntu.com/security/notices/USN-5017-1
- https://ubuntu.com/security/notices/USN-5018-1
- https://ubuntu.com/security/notices/USN-5046-1
- https://ubuntu.com/security/notices/USN-5050-1
- https://ubuntu.com/security/notices/USN-5343-1
- https://ubuntu.com/security/notices/USN-5015-1
- https://ubuntu.com/security/notices/USN-5044-1
- https://ubuntu.com/security/notices/USN-5045-1
- https://ubuntu.com/security/notices/USN-5070-1
- https://ubuntu.com/security/notices/USN-5073-1
- https://ubuntu.com/security/notices/USN-5073-2
- https://ubuntu.com/security/notices/USN-5073-3
- https://ubuntu.com/security/notices/USN-4948-1
- https://ubuntu.com/security/notices/USN-4979-1
- https://ubuntu.com/security/notices/USN-4982-1
- https://ubuntu.com/security/notices/USN-4984-1
- https://ubuntu.com/security/notices/USN-4997-1
- https://ubuntu.com/security/notices/USN-4999-1
- https://ubuntu.com/security/notices/USN-5000-1
- https://ubuntu.com/security/notices/USN-5001-1
- https://ubuntu.com/security/notices/USN-5000-2
- https://ubuntu.com/security/notices/USN-4997-2
- https://ubuntu.com/security/notices/USN-5016-1
- https://ubuntu.com/security/notices/USN-5113-1
- https://ubuntu.com/security/notices/USN-5114-1
- https://ubuntu.com/security/notices/USN-5115-1
- https://ubuntu.com/security/notices/USN-5116-1
- https://ubuntu.com/security/notices/USN-5116-2
- https://ubuntu.com/security/notices/USN-5091-1
- https://ubuntu.com/security/notices/USN-5092-1
- https://ubuntu.com/security/notices/USN-5094-1
- https://ubuntu.com/security/notices/USN-5092-2
- https://ubuntu.com/security/notices/USN-5096-1
- https://ubuntu.com/security/notices/USN-5091-2
- https://ubuntu.com/security/notices/USN-5094-2
- https://ubuntu.com/security/notices/USN-5071-1
- https://ubuntu.com/security/notices/USN-5071-2
- https://ubuntu.com/security/notices/USN-5071-3
- https://ubuntu.com/security/notices/USN-5106-1
- https://ubuntu.com/security/notices/USN-5120-1
- https://ubuntu.com/security/notices/USN-5299-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-5299-1?
The severity of USN-5299-1 is moderate.
How does the Linux kernel's WiFi vulnerability (CVE-2020-26147) work?
The vulnerability allows a physically proximate attacker to inject packets or exfiltrate selected fragments by exploiting the issue in the Linux kernel's WiFi implementation that can reassemble mixed encrypted and plaintext fragments.
Which Ubuntu versions are affected by USN-5299-1?
Ubuntu 16.04 and 14.04 are affected by USN-5299-1.
How can I fix the Linux kernel vulnerabilities on Ubuntu 16.04?
To fix the vulnerabilities on Ubuntu 16.04, you need to update the affected packages to their respective remedy versions.
Where can I find more information about USN-5299-1?
You can find more information about USN-5299-1 on the Ubuntu Security Notices website.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/usn
- source/Ubuntu
- anchor-related/USN-4989-1
- anchor-related/USN-4989-2
- anchor-related/USN-5017-1
- anchor-related/USN-5018-1
- anchor-related/USN-5046-1
- anchor-related/USN-5050-1
- anchor-related/USN-5343-1
- anchor-related/USN-5015-1
- anchor-related/USN-5044-1
- anchor-related/USN-5045-1
- anchor-related/USN-5070-1
- anchor-related/USN-5073-1
- anchor-related/USN-5073-2
- anchor-related/USN-5073-3
- anchor-related/USN-4948-1
- anchor-related/USN-4979-1
- anchor-related/USN-4982-1
- anchor-related/USN-4984-1
- anchor-related/USN-4997-1
- anchor-related/USN-4999-1
- anchor-related/USN-5000-1
- anchor-related/USN-5001-1
- anchor-related/USN-5000-2
- anchor-related/USN-4997-2
- anchor-related/USN-5016-1
- anchor-related/USN-5113-1
- anchor-related/USN-5114-1
- anchor-related/USN-5115-1
- anchor-related/USN-5116-1
- anchor-related/USN-5116-2
- anchor-related/USN-5091-1
- anchor-related/USN-5092-1
- anchor-related/USN-5094-1
- anchor-related/USN-5092-2
- anchor-related/USN-5096-1
- anchor-related/USN-5091-2
- anchor-related/USN-5094-2
- anchor-related/USN-5071-1
- anchor-related/USN-5071-2
- anchor-related/USN-5071-3
- anchor-related/USN-5106-1
- anchor-related/USN-5120-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04