USN-5361-1: Linux kernel vulnerabilities


Severity

Medium

Vendor

VMware Tanzu

Versions Affected

  • Canonical Ubuntu 16.04

Description

It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12888)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly verify certain fragmented frames. A physically proximate attacker could possibly use this issue to inject or decrypt packets. (CVE-2020-26141)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation accepted plaintext fragments in certain situations. A physically proximate attacker could use this issue to inject packets. (CVE-2020-26145)

It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information (WiFi network traffic). (CVE-2020-3702)

It was discovered that a race condition existed in the Unix domain socket implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-0920)

It was discovered that the IPv6 implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-0935)

Zygo Blaxell discovered that the btrfs file system implementation in the Linux kernel contained a race condition during certain cloning operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-28964)

Dan Carpenter discovered that the block device manager (dm) implementation in the Linux kernel contained a buffer overflow in the ioctl for listing devices. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2021-31916)

It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-37159)

It was discovered that the network packet filtering implementation in the Linux kernel did not properly initialize information in certain circumstances. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-39636)

Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4083)

Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739)

Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-43976)

Amit Klein discovered that the IPv4 implementation in the Linux kernel could disclose internal state in some situations. An attacker could possibly use this to expose sensitive information. (CVE-2021-45486)

CVEs contained in this USN include: CVE-2020-12888, CVE-2021-28964, CVE-2021-31916, CVE-2020-26141, CVE-2020-26145, CVE-2021-37159, CVE-2020-3702, CVE-2021-42739, CVE-2021-4083, CVE-2021-43976, CVE-2021-0920, CVE-2021-0935, CVE-2021-39636, CVE-2021-45486

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • Tanzu Greenplum for Kubernetes
    • All versions prior to 2.0.0
  • Isolation Segment
    • 2.7.x versions with Xenial Stemcells prior to 456.261
    • 2.8.x versions with Xenial Stemcells prior to 621.236
    • 2.9.x versions with Xenial Stemcells prior to 621.236
    • 2.10.x versions with Xenial Stemcells prior to 621.236
    • 2.11.x versions with Xenial Stemcells prior to 621.236
    • 2.12.x versions with Xenial Stemcells prior to 621.236
  • Operations Manager
    • 2.9.x versions prior to 2.9.38
    • 2.10.x versions prior to 2.10.39
  • VMware Tanzu Application Service for VMs
    • 2.7.x versions with Xenial Stemcells prior to 456.261
    • 2.8.x versions with Xenial Stemcells prior to 621.236
    • 2.9.x versions with Xenial Stemcells prior to 621.236
    • 2.10.x versions with Xenial Stemcells prior to 621.236
    • 2.11.x versions with Xenial Stemcells prior to 621.236
    • 2.12.x versions with Xenial Stemcells prior to 621.236

Mitigation

Users of affected products are strongly encouraged to follow the mitigation below. On the Tanzu Network product page for each release, check the Depends On section and/or Release Notes for this information. Releases that have fixed this issue include:

  • Tanzu Greenplum for Kubernetes
    • 2.0.0
  • Isolation Segment
    • 2.7.x: Upgrade Xenial Stemcells to 456.261 or greater
    • 2.8.x: Upgrade Xenial Stemcells to 621.236 or greater
    • 2.9.x: Upgrade Xenial Stemcells to 621.236 or greater
    • 2.10.x: Upgrade Xenial Stemcells to 621.236 or greater
    • 2.11.x: Upgrade Xenial Stemcells to 621.236 or greater
    • 2.12.x: Upgrade Xenial Stemcells to 621.236 or greater
  • Operations Manager
    • 2.9.38
    • 2.10.39
  • VMware Tanzu Application Service for VMs
    • 2.7.x: Upgrade Xenial Stemcells to 456.261 or greater
    • 2.8.x: Upgrade Xenial Stemcells to 621.236 or greater
    • 2.9.x: Upgrade Xenial Stemcells to 621.236 or greater
    • 2.10.x: Upgrade Xenial Stemcells to 621.236 or greater
    • 2.11.x: Upgrade Xenial Stemcells to 621.236 or greater
    • 2.12.x: Upgrade Xenial Stemcells to 621.236 or greater

History

2022-07-25: Initial vulnerability report published.