USN-4711-1

Details

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. (CVE-2020-28374)

Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2020-25704)

Affected Packages(13 packages)

linux-aws-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1093.99~16.04.1

linux-azure

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1106.118~16.04.1

linux-gcp

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1092.105~16.04.1

linux-oracle

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1064.71~16.04.1

linux-aws

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1093.99

linux-azure-4.15

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1106.118

linux-gcp-4.15

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1092.105

linux-gke-4.15

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1078.83

linux-kvm

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1084.86

linux-oracle

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1064.71

References

REPORThttps://ubuntu.com/security/CVE-2020-25704 REPORThttps://ubuntu.com/security/CVE-2020-28374 ADVISORYhttps://ubuntu.com/security/notices/USN-4711-1

USN-4711-1

Details

Affected Packages(13 packages)

References

Upstream

Ecosystems

Timeline