Lucene search

K
ubuntuUbuntuUSN-5114-1
HistoryOct 22, 2021 - 12:00 a.m.

Linux kernel vulnerabilities

2021-10-2200:00:00
ubuntu.com
104

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

40.7%

Releases

  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems
  • linux-dell300x - Linux kernel for Dell 300x platforms
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-hwe - Linux hardware enablement (HWE) kernel
  • linux-kvm - Linux kernel for cloud environments
  • linux-oracle - Linux kernel for Oracle Cloud systems
  • linux-raspi2 - Linux kernel for Raspberry Pi systems
  • linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors

Details

It was discovered that a race condition existed in the Atheros Ath9k WiFi
driver in the Linux kernel. An attacker could possibly use this to expose
sensitive information (WiFi network traffic). (CVE-2020-3702)

It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly compute the access permissions for shadow pages in
some situations. A local attacker could use this to cause a denial of
service. (CVE-2021-38198)

It was discovered that the ext4 file system in the Linux kernel contained a
race condition when writing xattrs to an inode. A local attacker could use
this to cause a denial of service or possibly gain administrative
privileges. (CVE-2021-40490)

It was discovered that the 6pack network protocol driver in the Linux
kernel did not properly perform validation checks. A privileged attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2021-42008)

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

40.7%