Detections
Analytics

Ubuntu 21.04 : Linux kernel vulnerabilities (USN-4977-1)

high Nessus Plugin ID 150151

Language:

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4977-1 advisory.

 - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. (CVE-2020-25670)

 - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after- free which might lead to privilege escalations. (CVE-2020-25671)

 - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)

 - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. (CVE-2020-25673)

 - A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out- of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
 (CVE-2021-3501)

 - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. (CVE-2021-29155)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-4977-1

Plugin Details

Severity: High

ID: 150151

File Name: ubuntu_USN-4977-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 6/2/2021

Updated: 12/28/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-25671

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge, cpe:/o:canonical:ubuntu_linux:21.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1006-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1007-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1008-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1008-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1008-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-18-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-18-generic-64k, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-18-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-18-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-gke, p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/2/2021

Vulnerability Publication Date: 4/14/2021

Reference Information

CVE: CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-29155, CVE-2021-3501

USN: 4977-1