USN-4367-1

Details

It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). (CVE-2019-19377)

It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). (CVE-2020-11565)

It was discovered that the block layer in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-12657)

Affected Packages

Ubuntu:20.04:LTSlinux

Fixed in:

5.4.0-31.35

Ubuntu:20.04:LTSlinux-aws

Fixed in:

5.4.0-1011.11

Ubuntu:20.04:LTSlinux-azure

Fixed in:

5.4.0-1012.12

Ubuntu:20.04:LTSlinux-gcp

Fixed in:

5.4.0-1011.11

Ubuntu:20.04:LTSlinux-kvm

Fixed in:

5.4.0-1011.11

Ubuntu:20.04:LTSlinux-oracle

Fixed in:

5.4.0-1011.11

Ubuntu:20.04:LTSlinux-raspi

Fixed in:

5.4.0-1011.11

Ubuntu:20.04:LTSlinux-riscv

Fixed in:

5.4.0-26.30

References

REPORThttps://ubuntu.com/security/CVE-2019-19377 REPORThttps://ubuntu.com/security/CVE-2020-11565 REPORThttps://ubuntu.com/security/CVE-2020-12657 REPORThttps://ubuntu.com/security/CVE-2020-12826 ADVISORYhttps://ubuntu.com/security/notices/USN-4367-1

USN-4367-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline