Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

* Ubuntu 20.04 LTS
* Ubuntu 18.04 LTS
* Ubuntu 16.04 LTS
* Ubuntu 14.04 ESM

Summary

Several security issues were fixed in the kernel.

Software Description

* linux - Linux kernel
* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
* linux-oem - Linux kernel for OEM systems

Special Notice for CVE-2020-0543

On June 9, Intel announced CVE-2020-0543, a CPU hardware issue
known as Special Register Buffer Data Sampling (SRBDS), which
could result in data leaks from random number generation
instructions. The issue affects a subset of Intel CPUs and is
mitigated by a CPU microcode update. This is a hardware issue and
cannot be mitigated with a livepatch.

The kernel update associated with the CVE provides the ability to
turn the mitigation on and off and to report the presence of the
mitigation in the microcode, and should be installed with the
updated microcode.

To determine if your Intel CPU is affected, consult Intel's list
of affected processors. Note that AMD processors, and
architectures other than x86_64, are not affected by this CVE.

Users affected by this issue should update their kernel and CPU
microcode, and reboot into the new kernel. Users not affected by
CVE-2020-0543 may continue to use livepatch updates without
rebooting.

For more information about the CVE and our response, please
consult the Ubuntu SRBDS wiki page.

Details

It was discovered that the virtual terminal implementation in the
Linux kernel did not properly handle resize events. A local
attacker could use this to expose sensitive information.
(CVE-2020-8647)

It was discovered that the virtual terminal implementation in the
Linux kernel contained a race condition. A local attacker could
possibly use this to cause a denial of service (system crash) or
expose sensitive information. (CVE-2020-8648)

It was discovered that the virtual terminal implementation in the
Linux kernel did not properly handle resize events. A local
attacker could use this to expose sensitive information.
(CVE-2020-8649)

It was discovered that the Serial CAN interface driver in the
Linux kernel did not properly initialize data. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2020-11494)

Piotr Krysiuk discovered that race conditions existed in the file
system implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash).
(CVE-2020-12114)

Update instructions

The problem can be corrected by updating your kernel livepatch to
the following versions:

Ubuntu 18.04 LTS
aws - 68.1
generic - 68.1
lowlatency - 68.1
oem - 68.1

Ubuntu 16.04 LTS
aws - 68.1
generic - 67.1
generic - 68.1
lowlatency - 67.1
lowlatency - 68.1

Ubuntu 14.04 ESM
generic - 66.1
lowlatency - 66.1

Support Information

Kernels older than the levels listed below do not receive
livepatch updates. If you are running a kernel version earlier
than the one listed below, please upgrade your kernel as soon as
possible.

Ubuntu 18.04 LTS
linux - 4.15.0-69
linux-aws - 4.15.0-1054
linux-azure - 5.0.0-1025
linux-gcp - 5.0.0-1025
linux-oem - 4.15.0-1063

Ubuntu 20.04 LTS
linux - 5.4.0-26
linux-aws - 5.4.0-1009
linux-azure - 5.4.0-1010
linux-gcp - 5.4.0-1009
linux-oem - 5.4.0-26

Ubuntu 16.04 LTS
linux - 4.4.0-168
linux-aws - 4.4.0-1098
linux-azure - 4.15.0-1063
linux-hwe - 4.15.0-69

Ubuntu 14.04 ESM
linux-lts-xenial - 4.4.0-168

References

* CVE-2020-0543
* CVE-2020-8647
* CVE-2020-8648
* CVE-2020-8649
* CVE-2020-11494
* CVE-2020-12114

--- Mystic BBS v1.12 A45 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)

Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

* Ubuntu 18.04 LTS
* Ubuntu 20.04 LTS
* Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the kernel.

Software Description

* linux - Linux kernel
* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
* linux-azure - Linux kernel for Microsoft Azure Cloud systems
* linux-gcp - Linux kernel for Google Cloud Platform (GCP)
systems
* linux-oem - Linux kernel for OEM systems

Details

Relay_open in kernel/relay.c in the Linux kernel through 5.4.1
allows local users to cause a denial of service (such as relay
blockage) by triggering a NULL alloc_percpu result.
(CVE-2019-19642)

Fan Yang discovered that the mremap implementation in the Linux
kernel did not properly handle DAX Huge Pages. A local attacker
with access to DAX storage could use this to gain administrative
privileges. (CVE-2020-10757)

It was discovered that the DesignWare SPI controller driver in the
Linux kernel contained a race condition. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2020-12769)

In the Linux kernel before 5.4.16, a race condition in
tty->disc_data handling in the slip and slcan line discipline
could lead to a use-after-free, aka CID-0ace17d56824. This affects
drivers/net/slip/slip.c and drivers/net/can/slcan.c.
(CVE-2020-14416)

Update instructions

The problem can be corrected by updating your kernel livepatch to
the following versions:

Ubuntu 18.04 LTS
aws - 69.1
generic - 69.1
lowlatency - 69.1
oem - 69.1

Ubuntu 20.04 LTS
aws - 69.1
azure - 69.1
gcp - 69.1
generic - 69.1
lowlatency - 69.1

Ubuntu 16.04 LTS
aws - 69.1
generic - 69.1
lowlatency - 69.1

Support Information

Kernels older than the levels listed below do not receive
livepatch updates. If you are running a kernel version earlier
than the one listed below, please upgrade your kernel as soon as
possible.

Ubuntu 18.04 LTS
linux-aws - 4.15.0-1054
linux-azure - 5.0.0-1025
linux-gcp - 5.0.0-1025
linux-oem - 4.15.0-1063
linux - 4.15.0-69

Ubuntu 20.04 LTS
linux-aws - 5.4.0-1009
linux-azure - 5.4.0-1010
linux-gcp - 5.4.0-1009
linux-oem - 5.4.0-26
linux - 5.4.0-26

Ubuntu 16.04 LTS
linux-aws - 4.4.0-1098
linux-azure - 4.15.0-1063
linux-hwe - 4.15.0-69
linux - 4.4.0-168

References

* CVE-2019-19642
* CVE-2020-10757
* CVE-2020-12769
* CVE-2020-14416

--- Mystic BBS v1.12 A45 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)

Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

* Ubuntu 16.04 LTS
* Ubuntu 18.04 LTS
* Ubuntu 20.04 LTS

Summary

A security issue was fixed in the 4.15 kernel. This issue affects
the 5.4 kernel as well, but a livepatch is not yet available.
While work is continuing to develop livepatches for all affected
kernels, due to the severity of the issue, we are releasing
patches as they become ready.

Software Description

* linux - Linux kernel
* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
* linux-oem - Linux kernel for OEM systems

Details

Or Cohen discovered that the AF_PACKET implementation in the Linux
kernel did not properly perform bounds checking in some
situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2020-14386)

Update instructions

The problem can be corrected by updating your kernel livepatch to
the following versions:

Ubuntu 18.04 LTS
aws - 71.1
generic - 71.1
lowlatency - 71.1
oem - 71.1

A mitigation is available if your kernel is affected, did not yet
receive a livepatch, and rebooting into the most recently released
kernel is not practical. If your system does not require the use
of unprivileged user namespaces, you may disable them and mitigate
the problem using the following command:

sudo sysctl kernel.unprivileged_userns_clone=0

Support Information

Kernels older than the levels listed below do not receive
livepatch updates. If you are running a kernel version earlier
than the one listed below, please upgrade your kernel as soon as
possible.

Ubuntu 18.04 LTS
linux-aws - 4.15.0-1054
linux-oem - 4.15.0-1063
linux - 4.15.0-69

Ubuntu 16.04 LTS
linux-azure - 4.15.0-1063

References

* CVE-2020-14386

--- Mystic BBS v1.12 A46 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)

Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

* Ubuntu 18.04 LTS
* Ubuntu 20.04 LTS
* Ubuntu 16.04 LTS
* Ubuntu 14.04 ESM

Summary

Several security issues were fixed in the kernel.

Software Description

* linux - Linux kernel
* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
* linux-azure - Linux kernel for Microsoft Azure Cloud systems
* linux-gcp - Linux kernel for Google Cloud Platform (GCP)
systems
* linux-oem - Linux kernel for OEM systems

Details

It was discovered that the F2FS file system implementation in the
Linux kernel did not properly perform bounds checking on xattrs in
some situations. A local attacker could possibly use this to
expose sensitive information (kernel memory). (CVE-2020-0067)

It was discovered that the Serial CAN interface driver in the
Linux kernel did not properly initialize data. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2020-11494)

Mauricio Faria de Oliveira discovered that the aufs implementation
in the Linux kernel improperly managed inode reference counts in
the vfsub_dentry_open() method. A local attacker could use this
vulnerability to cause a denial of service. (CVE-2020-11935)

Piotr Krysiuk discovered that race conditions existed in the file
system implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash).
(CVE-2020-12114)

Or Cohen discovered that the AF_PACKET implementation in the Linux
kernel did not properly perform bounds checking in some
situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2020-14386)

Hador Manor discovered that the DCCP protocol implementation in
the Linux kernel improperly handled socket reuse, leading to a
use-after-free vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2020-16119)

Giuseppe Scrivano discovered that the overlay file system in the
Linux kernel did not properly perform permission checks in some
situations. A local attacker could possibly use this to bypass
intended restrictions and gain read access to restricted files.
(CVE-2020-16120)

Update instructions

The problem can be corrected by updating your kernel livepatch to
the following versions:

Ubuntu 18.04 LTS
aws - 72.1
generic - 72.1
lowlatency - 72.1
oem - 72.1

Ubuntu 20.04 LTS
aws - 72.1
aws - 72.2
azure - 72.1
azure - 72.2
gcp - 72.1
gcp - 72.2
generic - 72.1
generic - 72.2
lowlatency - 72.1
lowlatency - 72.2

Ubuntu 16.04 LTS
aws - 72.1
generic - 72.1
lowlatency - 72.1

Ubuntu 14.04 ESM
generic - 72.1
lowlatency - 72.1

Support Information

Kernels older than the levels listed below do not receive
livepatch updates. If you are running a kernel version earlier
than the one listed below, please upgrade your kernel as soon as
possible.

Ubuntu 18.04 LTS
linux-aws - 4.15.0-1054
linux-azure - 5.0.0-1025
linux-gcp - 5.0.0-1025
linux-oem - 4.15.0-1063
linux-oracle - 5.0.0-1000
linux - 4.15.0-69

Ubuntu 20.04 LTS
linux-aws - 5.4.0-1009
linux-azure - 5.4.0-1010
linux-gcp - 5.4.0-1009
linux-oem - 5.4.0-26
linux - 5.4.0-26

Ubuntu 16.04 LTS
linux-aws - 4.4.0-1098
linux-azure - 4.15.0-1063
linux-hwe - 4.15.0-69
linux - 4.4.0-168

Ubuntu 14.04 ESM
linux-lts-xenial - 4.4.0-168

References

* CVE-2020-0067
* CVE-2020-11494
* CVE-2020-11935
* CVE-2020-12114
* CVE-2020-14386
* CVE-2020-16119
* CVE-2020-16120

--- Mystic BBS v1.12 A46 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)