Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4578-1)

high Nessus Plugin ID 141448

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4578-1 advisory.

- The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. (CVE-2018-10322)

- In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. (CVE-2019-19448)

- A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.
(CVE-2020-14314)

- A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)

- A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. (CVE-2020-26088)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

https://ubuntu.com/security/notices/USN-4578-1

Plugin Details

Severity: High

ID: 141448

File Name: ubuntu_USN-4578-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 10/14/2020

Updated: 10/21/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-19448

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2020-16119

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:16.04:-:lts, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1056-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1057-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1072-gke, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1073-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1077-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1085-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1086-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1089-snapdragon, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1098-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1099-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-120-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-120-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-120-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-121-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-121-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-121-lowlatency

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/14/2020

Vulnerability Publication Date: 4/24/2018

Reference Information

CVE: CVE-2018-10322, CVE-2019-19448, CVE-2020-14314, CVE-2020-16119, CVE-2020-16120, CVE-2020-25212, CVE-2020-26088

BID: 103960

USN: 4578-1