Linux kernel vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 20.04 LTS
Summary
Several security issues were fixed in the kernel.
Software Description
– linux – Linux kernel
– linux-aws – Linux kernel for Amazon Web Services (AWS) systems
– linux-azure – Linux kernel for Microsoft Azure Cloud systems
– linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
– linux-oem – Linux kernel for OEM systems
Details
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the
Linux kernel contained a type-confusion error. A physically proximate
remote attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the
Linux kernel did not properly initialize memory in some situations. A
physically proximate remote attacker could use this to expose sensitive
information (kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain
sizes, leading to a heap-based buffer overflow. A physically proximate
remote attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2020-24490)
Update instructions
The problem can be corrected by updating your kernel livepatch to the
following versions:
Ubuntu 18.04 LTS
aws – 73.1
generic – 73.1
lowlatency – 73.1
oem – 73.1
Ubuntu 20.04 LTS
aws – 73.1
azure – 73.1
gcp – 73.1
generic – 73.1
lowlatency – 73.1
Support Information
Kernels older than the levels listed below do not receive livepatch
updates. If you are running a kernel version earlier than the one listed
below, please upgrade your kernel as soon as possible.
Ubuntu 18.04 LTS
linux-aws – 4.15.0-1054
linux-azure – 5.0.0-1025
linux-gcp – 5.0.0-1025
linux-oem – 4.15.0-1063
linux – 4.15.0-69
Ubuntu 20.04 LTS
linux-aws – 5.4.0-1009
linux-azure – 5.4.0-1010
linux-gcp – 5.4.0-1009
linux-oem – 5.4.0-26
linux – 5.4.0-26
Ubuntu 16.04 LTS
linux-aws – 4.4.0-1098
linux-azure – 4.15.0-1063
linux-hwe – 4.15.0-69
linux – 4.4.0-168
Ubuntu 14.04 ESM
linux-lts-xenial – 4.4.0-168
References
– CVE-2020-12351
– CVE-2020-12352
– CVE-2020-24490
—
$downloadlink = get_field('download_link'); ?>