USN-5003-1

Details

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609)

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. (CVE-2021-3600)

Or Cohen discovered that the SCTP implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free condition. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23133)

Affected Packages

Ubuntu:18.04:LTSlinux

Fixed in:

4.15.0-147.151

Ubuntu:18.04:LTSlinux-aws

Fixed in:

4.15.0-1106.113

Ubuntu:18.04:LTSlinux-azure-4.15

Fixed in:

4.15.0-1118.131

Ubuntu:18.04:LTSlinux-dell300x

Fixed in:

4.15.0-1022.26

Ubuntu:18.04:LTSlinux-gcp-4.15

Fixed in:

4.15.0-1103.116

Ubuntu:18.04:LTSlinux-oracle

Fixed in:

4.15.0-1075.83

Ubuntu:18.04:LTSlinux-raspi2

Fixed in:

4.15.0-1089.94

Ubuntu:18.04:LTSlinux-snapdragon

Fixed in:

4.15.0-1106.115

Ubuntu:Pro:14.04:LTSlinux-azure

Fixed in:

4.15.0-1118.131~14.04.1

Ubuntu:Pro:16.04:LTSlinux-aws-hwe

Fixed in:

4.15.0-1106.113~16.04.1

Ubuntu:Pro:16.04:LTSlinux-azure

Fixed in:

4.15.0-1118.131~16.04.1

Ubuntu:Pro:16.04:LTSlinux-gcp

Fixed in:

4.15.0-1103.116~16.04.1

Ubuntu:Pro:16.04:LTSlinux-hwe

Fixed in:

4.15.0-147.151~16.04.1

Ubuntu:Pro:16.04:LTSlinux-oracle

Fixed in:

4.15.0-1075.83~16.04.1

References

REPORThttps://ubuntu.com/security/CVE-2021-23133 REPORThttps://ubuntu.com/security/CVE-2021-3600 REPORThttps://ubuntu.com/security/CVE-2021-3609 ADVISORYhttps://ubuntu.com/security/notices/USN-5003-1

USN-5003-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline