USN-5267-2: Linux kernel regression | Cloud Foundry

Severity

Unknown

Vendor

Canonical Ubuntu

Versions Affected

• Canonical Ubuntu 18.04

Description

USN-5267-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused the kernel to freeze when accessing CIFS shares in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3640) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739)

Affected Cloud Foundry Products and Versions

Severity is unknown unless otherwise noted.

• Bionic Stemcells
  • 1.x versions prior to 1.61
  • All other stemcells not listed.

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

• Bionic Stemcells
  • Upgrade 1.x versions to 1.61 or greater
  • All other stemcells should be upgraded to the latest version available on bosh.io.

References

• USN Notice

History

2022-03-10: Initial vulnerability report published.