USN-4713-1

Details

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.

Affected Packages(13 packages)

linux-aws-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1037.39~18.04.1

linux-azure-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1039.41~18.04.1

linux-gcp-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1036.39~18.04.1

linux-gke-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1035.37~18.04.1

linux-gkeop-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1009.10~18.04.1

linux-oracle-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1037.40~18.04.1

linux-raspi-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1028.31~18.04.1

linux-aws

Ubuntu 20.04 LTS

Fixed in:

5.4.0-1037.39

linux-azure

Ubuntu 20.04 LTS

Fixed in:

5.4.0-1039.41

linux-gcp

Ubuntu 20.04 LTS

Fixed in:

5.4.0-1036.39

References

REPORThttps://ubuntu.com/security/CVE-2020-28374 ADVISORYhttps://ubuntu.com/security/notices/USN-4713-1

USN-4713-1

Details

Affected Packages(13 packages)

References

Upstream

Ecosystems

Timeline