USN-5046-1

Details

It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)

Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-28691)

It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564)

It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573)

It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-3587)

Affected Packages

Ubuntu:20.04:LTSlinux-hwe-5.11

Fixed in:

5.11.0-27.29~20.04.1

References

REPORThttps://ubuntu.com/security/CVE-2020-26558 REPORThttps://ubuntu.com/security/CVE-2021-0129 REPORThttps://ubuntu.com/security/CVE-2021-28691 REPORThttps://ubuntu.com/security/CVE-2021-3564 REPORThttps://ubuntu.com/security/CVE-2021-3573 REPORThttps://ubuntu.com/security/CVE-2021-3587 ADVISORYhttps://ubuntu.com/security/notices/USN-5046-1

USN-5046-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline