USN-4877-1

Details

It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-36158)

吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. (CVE-2021-3178)

Affected Packages(15 packages)

linux-aws-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1095.102~16.04.1

linux-azure

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1109.121~16.04.1

linux-gcp

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1094.107~16.04.1

linux-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-137.141~16.04.1

linux-oracle

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1066.74~16.04.1

linux

Ubuntu 18.04 LTS

Fixed in:

4.15.0-137.141

linux-aws

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1095.102

linux-azure-4.15

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1109.121

linux-dell300x

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1013.17

linux-gcp-4.15

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1094.107

References

REPORThttps://ubuntu.com/security/CVE-2020-36158 REPORThttps://ubuntu.com/security/CVE-2021-3178 ADVISORYhttps://ubuntu.com/security/notices/USN-4877-1

USN-4877-1

Details

Affected Packages(15 packages)

References

Upstream

Ecosystems

Timeline