USN-5211-1

Details

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages.

Affected Packages

Ubuntu:Pro:14.04:LTSlinux

Fixed in:

3.13.0-189.240

Ubuntu:Pro:14.04:LTSlinux-aws

Fixed in:

4.4.0-1098.103

Ubuntu:Pro:14.04:LTSlinux-lts-xenial

Fixed in:

4.4.0-218.251~14.04.1

Ubuntu:Pro:16.04:LTSlinux

Fixed in:

4.4.0-218.251

Ubuntu:Pro:16.04:LTSlinux-aws

Fixed in:

4.4.0-1134.148

Ubuntu:Pro:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1099.108

References

REPORThttps://ubuntu.com/security/CVE-2021-4002 ADVISORYhttps://ubuntu.com/security/notices/USN-5211-1

USN-5211-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline