Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5050-1)

high Nessus Plugin ID 152774

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5050-1 advisory.

- Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. (CVE-2020-26558)

- Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)

- A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)

- A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)

- Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use- after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.
(CVE-2021-28691)

- net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. (CVE-2021-38208)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-5050-1

Plugin Details

Severity: High

ID: 152774

File Name: ubuntu_USN-5050-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 8/24/2021

Updated: 5/9/2022

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

CVSS Score Source: CVE-2021-3573

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-aws, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8-cloud-tools-5.8.0-1042, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8-headers-5.8.0-1042, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8-tools-5.8.0-1042, p-cpe:/a:canonical:ubuntu_linux:linux-azure, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8-cloud-tools-5.8.0-1040, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8-headers-5.8.0-1040, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8-tools-5.8.0-1040, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.8.0-1038-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.8.0-1039-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.8.0-1040-azure, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.8.0-1042-aws, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.8.0-1040-azure, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.8.0-1042-aws, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8-headers-5.8.0-1039, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8-tools-5.8.0-1039, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.8.0-1038-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.8.0-1039-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.8.0-1040-azure, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.8.0-1042-aws, p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws, p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure, p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1038-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1039-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1040-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1042-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.8.0-1038-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.8.0-1039-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.8.0-1040-azure, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.8.0-1038-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.8.0-1039-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.8.0-1040-azure, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.8.0-1042-aws, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.8.0-1038-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.8.0-1039-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.8.0-1040-azure, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.8.0-1042-aws, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8-headers-5.8.0-1038, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8-tools-5.8.0-1038, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.8.0-1038-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.8.0-1039-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.8.0-1040-azure, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.8.0-1042-aws, p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws, p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure, p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 8/24/2021

Vulnerability Publication Date: 5/24/2021

Reference Information

CVE: CVE-2020-26558, CVE-2021-0129, CVE-2021-3564, CVE-2021-3573, CVE-2021-28691, CVE-2021-38208

USN: 5050-1