linux-hwe, linux-azure-5.3, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-oracle-5.3 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
* Ubuntu 18.04 LTS
Summary
Several security issues were fixed in the Linux kernel.
Software Description
* linux-azure-5.3 - linux kernel for microsoft azure cloud
systems
* linux-gcp-5.3 - Linux kernel for Google Cloud Platform (GCP)
systems
* linux-gke-5.3 - Linux kernel for Google Container Engine (GKE)
systems
* linux-hwe - Linux hardware enablement (HWE) kernel
* linux-oracle-5.3 - Linux kernel for Oracle Cloud systems
Details
It was discovered that the network block device (nbd)
implementation in the Linux kernel did not properly check for
error conditions in some situations. An attacker could possibly
use this to cause a denial of service (system crash).
(CVE-2019-16089)
It was discovered that the kernel->user space relay implementation
in the Linux kernel did not properly check return values in some
situations. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2019-19462)
Chuhong Yuan discovered that go7007 USB audio device driver in the
Linux kernel did not properly deallocate memory in some failure
conditions. A physically proximate attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2019-20810)
Jason A. Donenfeld discovered that the ACPI implementation in the
Linux kernel did not properly restrict loading SSDT code from an
EFI variable. A privileged attacker could use this to bypass
Secure Boot lockdown restrictions and execute arbitrary code in
the kernel. (CVE-2019-20908)
It was discovered that the elf handling code in the Linux kernel
did not initialize memory before using it in certain situations. A
local attacker could use this to possibly expose sensitive
information (kernel memory). (CVE-2020-10732)
Fan Yang discovered that the mremap implementation in the Linux
kernel did not properly handle DAX Huge Pages. A local attacker
with access to DAX storage could use this to gain administrative
privileges. (CVE-2020-10757)
It was discovered that the Linux kernel did not correctly apply
Speculative Store Bypass Disable (SSBD) mitigations in certain
situations. A local attacker could possibly use this to expose
sensitive information. (CVE-2020-10766)
It was discovered that the Linux kernel did not correctly apply
Indirect Branch Predictor Barrier (IBPB) mitigations in certain
situations. A local attacker could possibly use this to expose
sensitive information. (CVE-2020-10767)
It was discovered that the Linux kernel could incorrectly enable
indirect branch speculation after it has been disabled for a
process via a prctl() call. A local attacker could possibly use
this to expose sensitive information. (CVE-2020-10768)
Mauricio Faria de Oliveira discovered that the aufs implementation
in the Linux kernel improperly managed inode reference counts in
the vfsub_dentry_open() method. A local attacker could use this
vulnerability to cause a denial of service. (CVE-2020-11935)
It was discovered that the Virtual Terminal keyboard driver in the
Linux kernel contained an integer overflow. A local attacker could
possibly use this to have an unspecified impact. (CVE-2020-13974)
Jason A. Donenfeld discovered that the ACPI implementation in the
Linux kernel did not properly restrict loading ACPI tables via
configfs. A privileged attacker could use this to bypass Secure
Boot lockdown restrictions and execute arbitrary code in the
kernel. (CVE-2020-15780)
Update instructions
The problem can be corrected by updating your system to the
following package versions:
Ubuntu 18.04 LTS
linux-image-5.3.0-1030-oracle - 5.3.0-1030.32~18.04.1
linux-image-5.3.0-1032-gcp - 5.3.0-1032.34~18.04.1
linux-image-5.3.0-1032-gke - 5.3.0-1032.34~18.04.1
linux-image-5.3.0-1034-azure - 5.3.0-1034.35~18.04.1
linux-image-5.3.0-64-generic - 5.3.0-64.58~18.04.1
linux-image-5.3.0-64-generic-lpae - 5.3.0-64.58~18.04.1
linux-image-5.3.0-64-lowlatency - 5.3.0-64.58~18.04.1
linux-image-azure - 5.3.0.1034.30
linux-image-gcp - 5.3.0.1032.26
linux-image-gke-5.3 - 5.3.0.1032.17
linux-image-gkeop-5.3 - 5.3.0.64.120
linux-image-oracle - 5.3.0.1030.27
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to
make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates
have been given a new version number, which requires you to
recompile and reinstall all third party kernel modules you might
have installed. Unless you manually uninstalled the standard
kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a
standard system upgrade will automatically perform this as well.
References
* CVE-2019-16089
* CVE-2019-19462
* CVE-2019-20810
* CVE-2019-20908
* CVE-2020-10732
* CVE-2020-10757
* CVE-2020-10766
* CVE-2020-10767
* CVE-2020-10768
* CVE-2020-11935
* CVE-2020-13974
* CVE-2020-15780
--- Mystic BBS v1.12 A45 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)