UbuntuUSN-5116-1Linux kernel vulnerabilities
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
40.7%
Releases
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
Packages
- linux - Linux kernel
- linux-bluefield - Linux kernel for NVIDIA BlueField platforms
- linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
- linux-kvm - Linux kernel for cloud environments
Details
It was discovered that a race condition existed in the Atheros Ath9k WiFi
driver in the Linux kernel. An attacker could possibly use this to expose
sensitive information (WiFi network traffic). (CVE-2020-3702)
Alois Wohlschlager discovered that the overlay file system in the Linux
kernel did not restrict private clones in some situations. An attacker
could use this to expose sensitive information. (CVE-2021-3732)
It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly compute the access permissions for shadow pages in
some situations. A local attacker could use this to cause a denial of
service. (CVE-2021-38198)
It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the
Linux kernel could report pointer addresses in some situations. An attacker
could use this information to ease the exploitation of another
vulnerability. (CVE-2021-38205)
It was discovered that the ext4 file system in the Linux kernel contained a
race condition when writing xattrs to an inode. A local attacker could use
this to cause a denial of service or possibly gain administrative
privileges. (CVE-2021-40490)
It was discovered that the 6pack network protocol driver in the Linux
kernel did not properly perform validation checks. A privileged attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2021-42008)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 20.04 | noarch | linux-image-5.4.0-89-generic | < 5.4.0-89.100 | UNKNOWN |
| Ubuntu | 20.04 | noarch | kernel-signed-image-5.4.0-89-generic-di | < 5.4.0-89.100 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-image-5.4.0-89-generic-dbgsym | < 5.4.0-89.100 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-image-5.4.0-89-lowlatency | < 5.4.0-89.100 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-image-5.4.0-89-lowlatency-dbgsym | < 5.4.0-89.100 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-image-virtual | < 5.4.0.89.93 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-cloud-tools-generic | < 5.4.0.89.93 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-cloud-tools-generic-hwe-18.04 | < 5.4.0.89.93 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-cloud-tools-generic-hwe-18.04-edge | < 5.4.0.89.93 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-cloud-tools-lowlatency | < 5.4.0.89.93 | UNKNOWN |
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
40.7%