All Vulnerability Reports

USN-4578-1: Linux kernel vulnerabilities


Severity

High

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 16.04

Description

Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119)

Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10322)

It was discovered that the btrfs file system in the Linux kernel contained a use-after-free vulnerability when merging free space. An attacker could use this to construct a malicious btrfs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2019-19448)

Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-14314)

Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. (CVE-2020-16120)

It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25212)

It was discovered that the NFC implementation in the Linux kernel did not properly perform permissions checks when opening raw sockets. A local attacker could use this to create or listen to NFC traffic. (CVE-2020-26088)

CVEs contained in this USN include: CVE-2018-10322, CVE-2020-25212, CVE-2020-16119, CVE-2020-16120, CVE-2020-14314, CVE-2020-26088, CVE-2019-19448

Affected VMware Products and Versions

Severity is high unless otherwise noted.

Vulnerable Cloud Foundry components individually listed here. Impacted stemcells may be updated independently of upgrading Tanzu Application Service or Isolation Segment.

  • Isolation Segment
    • 2.7.x versions prior to 2.7.26
    • 2.8.x versions prior to 2.8.20
    • 2.9.x versions prior to 2.9.14
    • 2.10.x versions prior to 2.10.6
  • Operations Manager
    • 2.7 versions prior to 2.7.25
    • 2.9 versions prior to 2.9.12
    • 2.10 versions prior to 2.10.3
  • VMware Tanzu Application Service for VMs
    • 2.7.x versions prior to 2.7.26
    • 2.8.x versions prior to 2.8.20
    • 2.9.x versions prior to 2.9.14
    • 2.10.x versions prior to 2.10.6

Mitigation

Users of affected products are strongly encouraged to follow the mitigation below. The Cloud Foundry security team recommends upgrading the affected OSS components listed here if applicable. Upgrade VMware Tanzu products that use earlier versions of CF components to new Tanzu releases using new versions linked above. On the Tanzu Network product page for each release, check the Depends On section and/or Release Notes for this information. Releases that have fixed this issue include:

  • Isolation Segment
    • 2.7.26
    • 2.8.20
    • 2.9.14
    • 2.10.6
  • Operations Manager
    • 2.7.25
    • 2.9.12
    • 2.10.3
  • VMware Tanzu Application Service for VMs
    • 2.7.26
    • 2.8.20
    • 2.9.14
    • 2.10.6

References

History

2020-11-20: Initial vulnerability report published.