Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4660-1.NASL
HistoryDec 03, 2020 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1)

2020-12-0300:00:00
Ubuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
78

8.5 High

AI Score

Confidence

High

JSON

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4660-1 advisory.

  • A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)

  • A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)

  • In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
    (CVE-2020-25211)

  • The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)

  • A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)

  • A flaw was found in the Linux kernel’s implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)

  • A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)

  • A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)

  • A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)

  • IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
    (CVE-2020-4788)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4660-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(143445);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2020-4788",
    "CVE-2020-14351",
    "CVE-2020-14390",
    "CVE-2020-25211",
    "CVE-2020-25284",
    "CVE-2020-25285",
    "CVE-2020-25641",
    "CVE-2020-25643",
    "CVE-2020-25645",
    "CVE-2020-28915"
  );
  script_xref(name:"USN", value:"4660-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as
referenced in the USN-4660-1 advisory.

  - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem
    allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate
    privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as
    system availability. (CVE-2020-14351)

  - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-
    bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of
    the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)

  - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could
    overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in
    ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
    (CVE-2020-25211)

  - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete
    permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap
    rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)

  - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be
    used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified
    other impact, aka CID-17743798d812. (CVE-2020-25285)

  - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length
    biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a
    denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block
    device, resulting in a denial of service. The highest threat from this vulnerability is to system
    availability. (CVE-2020-25641)

  - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption
    and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause
    the system to crash or cause a denial of service. The highest threat from this vulnerability is to data
    confidentiality and integrity as well as system availability. (CVE-2020-25643)

  - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may
    be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE
    tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from
    this vulnerability is to data confidentiality. (CVE-2020-25645)

  - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be
    used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)

  - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive
    information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
    (CVE-2020-4788)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4660-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25643");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-14351");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/12/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1059-oracle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1074-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1074-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1079-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1088-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1091-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1100-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-oem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-lowlatency");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2020-2024 Canonical, Inc. / NASL script (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '16.04': {
    '4.15.0': {
      'generic': '4.15.0-126',
      'generic-lpae': '4.15.0-126',
      'lowlatency': '4.15.0-126',
      'oracle': '4.15.0-1059',
      'aws': '4.15.0-1088',
      'azure': '4.15.0-1100'
    }
  },
  '18.04': {
    '4.15.0': {
      'generic': '4.15.0-126',
      'generic-lpae': '4.15.0-126',
      'lowlatency': '4.15.0-126',
      'oracle': '4.15.0-1059',
      'gke': '4.15.0-1074',
      'raspi2': '4.15.0-1074',
      'kvm': '4.15.0-1079',
      'aws': '4.15.0-1088',
      'snapdragon': '4.15.0-1091',
      'azure': '4.15.0-1100',
      'oem': '4.15.0-1103'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4660-1');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2020-4788', 'CVE-2020-14351', 'CVE-2020-14390', 'CVE-2020-25211', 'CVE-2020-25284', 'CVE-2020-25285', 'CVE-2020-25641', 'CVE-2020-25643', 'CVE-2020-25645', 'CVE-2020-28915');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4660-1');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linuxlinux-image-4.15.0-1059-oraclep-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1059-oracle
canonicalubuntu_linuxlinux-image-4.15.0-1074-gkep-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1074-gke
canonicalubuntu_linuxlinux-image-4.15.0-1074-raspi2p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1074-raspi2
canonicalubuntu_linuxlinux-image-4.15.0-1079-kvmp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1079-kvm
canonicalubuntu_linuxlinux-image-4.15.0-1088-awsp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1088-aws
canonicalubuntu_linuxlinux-image-4.15.0-1091-snapdragonp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1091-snapdragon
canonicalubuntu_linuxlinux-image-4.15.0-1100-azurep-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1100-azure
canonicalubuntu_linuxlinux-image-4.15.0-1103-oemp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-oem
Rows per page:
1-10 of 131

Related

osv 10
cloudfoundry 2
ubuntu 9
nessus 66
amazon 2
mageia 1
photon 6
oraclelinux 6
debian 5
suse 3
prion 10
redhatcve 10
ubuntucve 10
veracode 8
redhat 10
cbl_mariner 9
cve 10
debiancve 10
ibm 5
fedora 2
f5 2
aix 1
zdi 1
centos 1
osv
osv
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon regression
2020-12-13 23:27:41
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2020-12-03 02:19:02
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 regression
2020-12-13 22:41:46
cloudfoundry
cloudfoundry
USN-4660-1: Linux kernel vulnerabilities | Cloud Foundry
2021-01-12 00:00:00
USN-4660-2: Linux kernel regression | Cloud Foundry
2021-02-10 00:00:00
ubuntu
ubuntu
Linux kernel regression
2020-12-13 00:00:00
Linux kernel vulnerabilities
2020-12-03 00:00:00
Linux kernel regression
2020-12-13 00:00:00
nessus
nessus
Amazon Linux 2 : kernel (ALAS-2020-1520)
2020-10-28 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4658-1)
2020-12-02 00:00:00
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4657-1)
2020-12-02 00:00:00
amazon
amazon
Important: kernel
2020-10-22 18:07:00
Important: kernel
2020-10-26 18:08:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2020-10-21 16:07:53
photon
photon
Important Photon OS Security Update - PHSA-2020-0147
2020-09-28 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0147
2020-10-01 00:00:00
Important Photon OS Security Update - PHSA-2020-0330
2020-10-09 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2020-11-10 00:00:00
Unbreakable Enterprise kernel-container security update
2020-11-12 00:00:00
Unbreakable Enterprise kernel-container security update
2020-11-12 00:00:00
debian
debian
[SECURITY] [DLA 2417-1] linux-4.19 security update
2020-10-28 14:53:23
[SECURITY] [DSA 4774-1] linux security update
2020-10-19 12:12:25
[SECURITY] [DSA 4774-1] linux security update
2020-10-19 12:12:25
suse
suse
Security update for the Linux Kernel (important)
2020-10-19 00:00:00
Security update for the Linux Kernel (important)
2020-11-29 00:00:00
Security update for the Linux Kernel (important)
2020-10-11 00:00:00
prion
prion
Design/Logic Flaw
2020-09-18 18:15:00
Design/Logic Flaw
2020-10-13 20:15:00
Race condition
2020-09-13 18:15:00
redhatcve
redhatcve
CVE-2020-14390
2020-09-17 13:00:12
CVE-2020-25645
2020-10-08 12:34:56
CVE-2020-28915
2020-11-18 17:09:54
ubuntucve
ubuntucve
CVE-2020-25645
2020-10-13 00:00:00
CVE-2020-25641
2020-10-06 00:00:00
CVE-2020-14390
2020-09-18 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-10-18 01:56:12
Denial Of Service (DoS)
2022-09-08 21:51:29
Man-in-the-Middle (MitM)
2020-12-06 02:35:32
redhat
redhat
(RHSA-2020:5079) Moderate: kernel-alt security and bug fix update
2020-11-10 17:13:20
(RHSA-2020:5374) Moderate: kernel security and bug fix update
2020-12-08 10:02:10
(RHSA-2021:0073) Moderate: kernel security and bug fix update
2021-01-12 08:21:25
cbl_mariner
cbl_mariner
CVE-2020-25285 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
CVE-2020-14390 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
CVE-2020-25641 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
cve
cve
CVE-2020-25285
2020-09-13 18:15:00
CVE-2020-14390
2020-09-18 18:15:00
CVE-2020-25641
2020-10-06 14:15:00
debiancve
debiancve
CVE-2020-25285
2020-09-13 18:15:00
CVE-2020-14390
2020-09-18 18:15:00
CVE-2020-25641
2020-10-06 14:15:00
ibm
ibm
Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management
2021-02-02 08:40:27
Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management
2021-03-08 10:24:18
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer over-read flaw in Linux Kernel (CVE-2020-28915)
2023-01-12 21:59:00
fedora
fedora
[SECURITY] Fedora 31 Update: kernel-5.8.9-101.fc31
2020-09-16 14:40:29
[SECURITY] Fedora 32 Update: kernel-5.8.9-200.fc32
2020-09-16 14:44:58
f5
f5
K65234135 : Linux kernel vulnerability CVE-2020-25643
2021-04-02 00:00:00
K65213626 : Linux kernel vulnerability CVE-2020-25645
2021-07-08 00:00:00
aix
aix
IBM has released AIX iFixes in response to a vulnerability in IBM POWER9,IBM has released VIOS iFixes in response to a vulnerability in IBM POWER9
2020-11-19 17:01:56
zdi
zdi
Linux Kernel Performance Counters Race Condition Privilege Escalation Vulnerability
2020-11-22 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2021-03-18 23:24:41

8.5 High

AI Score

Confidence

High

JSON
Related for UBUNTU_USN-4660-1.NASL
osv10cloudfoundry2ubuntu9nessus66amazon2mageia1photon6oraclelinux6debian5suse3prion10redhatcve10ubuntucve10veracode8redhat10cbl_mariner9cve10debiancve10ibm5fedora2f52aix1zdi1centos1