USN-4877-1

Details

It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-36158)

吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. (CVE-2021-3178)

Affected Packages

Ubuntu:16.04:LTSlinux-aws-hwe

Fixed in:

4.15.0-1095.102~16.04.1

Ubuntu:16.04:LTSlinux-azure

Fixed in:

4.15.0-1109.121~16.04.1

Ubuntu:16.04:LTSlinux-gcp

Fixed in:

4.15.0-1094.107~16.04.1

Ubuntu:16.04:LTSlinux-hwe

Fixed in:

4.15.0-137.141~16.04.1

Ubuntu:16.04:LTSlinux-oracle

Fixed in:

4.15.0-1066.74~16.04.1

Ubuntu:18.04:LTSlinux

Fixed in:

4.15.0-137.141

Ubuntu:18.04:LTSlinux-aws

Fixed in:

4.15.0-1095.102

Ubuntu:18.04:LTSlinux-azure-4.15

Fixed in:

4.15.0-1109.121

Ubuntu:18.04:LTSlinux-dell300x

Fixed in:

4.15.0-1013.17

Ubuntu:18.04:LTSlinux-gcp-4.15

Fixed in:

4.15.0-1094.107

Ubuntu:18.04:LTSlinux-kvm

Fixed in:

4.15.0-1086.88

Ubuntu:18.04:LTSlinux-oracle

Fixed in:

4.15.0-1066.74

Ubuntu:18.04:LTSlinux-raspi2

Fixed in:

4.15.0-1080.85

Ubuntu:18.04:LTSlinux-snapdragon

Fixed in:

4.15.0-1097.106

Ubuntu:Pro:14.04:LTSlinux-azure

Fixed in:

4.15.0-1109.121~14.04.1

References

REPORThttps://ubuntu.com/security/CVE-2020-36158 REPORThttps://ubuntu.com/security/CVE-2021-3178 ADVISORYhttps://ubuntu.com/security/notices/USN-4877-1

USN-4877-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline