Canonical has announced a major Linux kernel update that fixes various vulnerabilities affecting Ubuntu 20.10, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS systems. The new versions are linux-image 5.8.0-31.33 for Ubuntu 20.10 (64-bit), linux-image 5.4.0-56.62 for Ubuntu 20.04 LTS (64-bit), linux-image 5.4.0-56.62~18.04.1 for Ubuntu 18.04 LTS (64-bit), and linux-image 4.4.0-197.229 for Ubuntu 16.04 LTS (64-bit).
Vulnerabilities
- CVE-2020-0423: A race condition existed in the binder IPC implementation, leading to a use-after-free vulnerability, allowing a local attacker to cause a denial of service or possibly execute arbitrary code.
- CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials.
- CVE-2020-14351: A race condition existed in the perf subsystem, leading to a use-after-free vulnerability, allowing an attacker with access to the perf subsystem to cause a denial of service or possibly execute arbitrary code.
- CVE-2020-14390: The frame buffer implementation did not properly handle some edge cases in software scrollback, allowing a local attacker to cause a denial of service or possibly execute arbitrary code.
- CVE-2020-25211: The netfilter connection tracker for netlink did not properly perform bounds checking in some situations, allowing a local attacker to cause a denial of service.
- CVE-2020-25284: The Rados block device (rbd) driver did not properly perform privilege checks for access to rbd devices in some situations, allowing a local attacker to cause a denial of service or possibly execute arbitrary code.
- CVE-2020-25643: The HDLC PPP implementation did not properly validate input in some situations, allowing a local attacker to cause a denial of service or possibly execute arbitrary code.
- CVE-2020-25645: The GENEVE tunnel implementation, when combined with IPsec, did not properly select IP routes in some situations, allowing an attacker to expose sensitive information.
- CVE-2020-25705: The ICMP global rate limiter could be used to assist in scanning open UDP ports, allowing a remote attacker to facilitate attacks on UDP-based services that depend on source port randomization.
- CVE-2020-28915: The framebuffer implementation did not properly perform range checks in certain situations, allowing a local attacker to expose sensitive information.
- CVE-2020-4788: Power 9 processors could be coerced to expose information from the L1 cache in certain situations, allowing a local attacker to expose sensitive information.