USN-4711-1: Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4711-1
January 28, 2021
linux-aws, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon
vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
Details:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)
Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2020-25704)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1064-oracle 4.15.0-1064.71
linux-image-4.15.0-1078-raspi2 4.15.0-1078.83
linux-image-4.15.0-1084-kvm 4.15.0-1084.86
linux-image-4.15.0-1093-aws 4.15.0-1093.99
linux-image-4.15.0-1095-snapdragon 4.15.0-1095.104
linux-image-aws-lts-18.04 4.15.0.1093.96
linux-image-kvm 4.15.0.1084.80
linux-image-oracle-lts-18.04 4.15.0.1064.74
linux-image-raspi2 4.15.0.1078.75
linux-image-snapdragon 4.15.0.1095.98
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4711-1
CVE-2020-25704, CVE-2020-28374
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1093.99
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1084.86
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1064.71
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1078.83
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1095.104
A Linux kernel security update has been released Ubuntu Linux 18.04 LTS.