what you don't know can hurt you

Kernel Live Patch Security Notice LSN-0083-1

Kernel Live Patch Security Notice LSN-0083-1
Posted Jan 6, 2022
Authored by Benjamin M. Romer

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. Other vulnerabilities have also been addressed.

tags | advisory, overflow, kernel, vulnerability
systems | linux
advisories | CVE-2018-25020, CVE-2021-22555, CVE-2021-33909, CVE-2021-3653, CVE-2021-4002
MD5 | ea5b87dd81116b156a1caaa3655d27de

Kernel Live Patch Security Notice LSN-0083-1

Change Mirror Download
Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary

Several security issues were fixed in the kernel.

Software Description

- linux - Linux kernel
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
- linux-azure - Linux kernel for Microsoft Azure Cloud systems
- linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke - Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop - Linux kernel for Google Container Engine (GKE) systems
- linux-oem - Linux kernel for OEM systems

Details

The BPF subsystem in the Linux kernel before 4.17
mishandles situations with a long jump over an instruction sequence
where inner instructions require substantial expansions into multiple
BPF instructions, leading to an overflow. This affects kernel/bpf/core.c
and net/core/filter.c. (CVE-2018-25020)

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use
this to write to portions of the host’s physical memory. (CVE-2021-3653)

Nadav Amit discovered that the hugetlb implementation in the Linux
kernel did not perform TLB flushes under certain conditions. A local
attacker could use this to leak or alter data from other processes that
use huge pages. (CVE-2021-4002)

Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
contained an out-of-bounds write in its setsockopt() implementation. A
local attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2021-22555)

It was discovered that the virtual file system implementation in the
Linux kernel contained an unsigned to signed integer conversion error. A
local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2021-33909)

Update instructions

The problem can be corrected by updating your kernel livepatch to the
following versions:

Ubuntu 20.04 LTS
aws - 83.1
azure - 83.1
gcp - 83.1
generic - 83.1
gke - 83.1
gkeop - 83.1
lowlatency - 83.1

Ubuntu 18.04 LTS
aws - 83.1
generic - 83.1
gke - 83.1
gke - 83.2
gkeop - 83.1
gkeop - 83.2
lowlatency - 83.1
oem - 83.1

Ubuntu 16.04 ESM
aws - 83.1
azure - 83.1
generic - 83.1
lowlatency - 83.1

Support Information

Kernels older than the levels listed below do not receive livepatch
updates. If you are running a kernel version earlier than the one listed
below, please upgrade your kernel as soon as possible.

Ubuntu 20.04 LTS
linux-aws - 5.4.0-1009
linux-azure - 5.4.0-1010
linux-gcp - 5.4.0-1009
linux-gke - 5.4.0-1033
linux-gkeop - 5.4.0-1009
linux-oem - 5.4.0-26
linux - 5.4.0-26

Ubuntu 18.04 LTS
linux-aws - 4.15.0-1054
linux-azure-4.15 - 4.15.0-1115
linux-gke-4.15 - 4.15.0-1076
linux-gke-5.4 - 5.4.0-1009
linux-gkeop-5.4 - 5.4.0-1007
linux-hwe-5.4 - 5.4.0-26
linux-oem - 4.15.0-1063
linux - 4.15.0-69

Ubuntu 16.04 ESM
linux-aws - 4.4.0-1098
linux-azure - 4.15.0-1063
linux-hwe - 4.15.0-143
linux - 4.4.0-168

Ubuntu 14.04 ESM
linux-lts-xenial - 4.4.0-168

References

- CVE-2018-25020
- CVE-2021-3653
- CVE-2021-4002
- CVE-2021-22555
- CVE-2021-33909



--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close