USN-5219-1

Details

It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Affected Packages

Ubuntu:20.04:LTSlinux-aws-5.11

Fixed in:

5.11.0-1025.27~20.04.1

Ubuntu:20.04:LTSlinux-azure-5.11

Fixed in:

5.11.0-1025.27~20.04.1

Ubuntu:20.04:LTSlinux-gcp-5.11

Fixed in:

5.11.0-1026.29~20.04.1

Ubuntu:20.04:LTSlinux-hwe-5.11

Fixed in:

5.11.0-46.51~20.04.1

Ubuntu:20.04:LTSlinux-oem-5.10

Fixed in:

5.10.0-1055.58

Ubuntu:20.04:LTSlinux-oracle-5.11

Fixed in:

5.11.0-1025.27~20.04.1

References

REPORThttps://launchpad.net/bugs/1956585 REPORThttps://ubuntu.com/security/CVE-2021-4204 ADVISORYhttps://ubuntu.com/security/notices/USN-5219-1

USN-5219-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline