Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4748-1)

high Nessus Plugin ID 147975
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4748-1 advisory.

- An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
(CVE-2020-29374)

- An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)

- A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)

- A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
(CVE-2020-29661)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-4748-1

Plugin Details

Severity: High

ID: 147975

File Name: ubuntu_USN-4748-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 3/23/2021

Updated: 3/24/2021

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

CVSS Score Source: CVE-2020-29661

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1086-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1088-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1122-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1146-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1150-snapdragon, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-203-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-203-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-203-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial, p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial, p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon, p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic, p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid, p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily, p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/25/2021

Vulnerability Publication Date: 11/28/2020

Reference Information

CVE: CVE-2020-27815, CVE-2020-29374, CVE-2020-29568, CVE-2020-29660, CVE-2020-29661

USN: 4748-1