ID

VAR-202201-0496

CVE

CVE-2021-4197

TITLE

Linux Kernel  Authentication vulnerability in

DESCRIPTION

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. Linux Kernel There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The security impact is negligible as CAP_SYS_ADMIN inherently gives the ability to deny service. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5173-1 security@debian.org https://www.debian.org/security/ Ben Hutchings July 03, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2021-4197 CVE-2022-0494 CVE-2022-0812 CVE-2022-0854 CVE-2022-1011 CVE-2022-1012 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-2153 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23960 CVE-2022-26490 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-29581 CVE-2022-30594 CVE-2022-32250 CVE-2022-32296 CVE-2022-33981 Debian Bug : 922204 1006346 1013299 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2021-4197 Eric Biederman reported that incorrect permission checks in the cgroup process migration implementation can allow a local attacker to escalate privileges. CVE-2022-0494 The scsi_ioctl() was susceptible to an information leak only exploitable by users with CAP_SYS_ADMIN or CAP_SYS_RAWIO capabilities. CVE-2022-0812 It was discovered that the RDMA transport for NFS (xprtrdma) miscalculated the size of message headers, which could lead to a leak of sensitive information between NFS servers and clients. CVE-2022-0854 Ali Haider discovered a potential information leak in the DMA subsystem. On systems where the swiotlb feature is needed, this might allow a local user to read sensitive information. CVE-2022-1011 Jann Horn discovered a flaw in the FUSE (Filesystem in User-Space) implementation. A local user permitted to mount FUSE filesystems could exploit this to cause a use-after-free and read sensitive information. CVE-2022-1012, CVE-2022-32296 Moshe Kol, Amit Klein, and Yossi Gilad discovered a weakness in randomisation of TCP source port selection. CVE-2022-1016 David Bouman discovered a flaw in the netfilter subsystem where the nft_do_chain function did not initialize register data that nf_tables expressions can read from and write to. A local attacker can take advantage of this to read sensitive information. CVE-2022-1048 Hu Jiahui discovered a race condition in the sound subsystem that can result in a use-after-free. CVE-2022-1184 A flaw was discovered in the ext4 filesystem driver which can lead to a use-after-free. A local user permitted to mount arbitrary filesystems could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2022-1195 Lin Ma discovered race conditions in the 6pack and mkiss hamradio drivers, which could lead to a use-after-free. CVE-2022-1198 Duoming Zhou discovered a race condition in the 6pack hamradio driver, which could lead to a use-after-free. CVE-2022-1199, CVE-2022-1204, CVE-2022-1205 Duoming Zhou discovered race conditions in the AX.25 hamradio protocol, which could lead to a use-after-free or null pointer dereference. CVE-2022-1353 The TCS Robot tool found an information leak in the PF_KEY subsystem. A local user can receive a netlink message when an IPsec daemon registers with the kernel, and this could include sensitive information. CVE-2022-1419 Minh Yuan discovered a race condition in the vgem virtual GPU driver that can lead to a use-after-free. A local user permitted to access the GPU device can exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2022-1516 A NULL pointer dereference flaw in the implementation of the X.25 set of standardized network protocols, which can result in denial of service. This driver is not enabled in Debian's official kernel configurations. CVE-2022-1652 Minh Yuan discovered a race condition in the floppy driver that can lead to a use-after-free. A local user permitted to access a floppy drive device can exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. CVE-2022-1729 Norbert Slusarek discovered a race condition in the perf subsystem which could result in local privilege escalation to root. The default settings in Debian prevent exploitation unless more permissive settings have been applied in the kernel.perf_event_paranoid sysctl. CVE-2022-1734 Duoming Zhou discovered race conditions in the nfcmrvl NFC driver that could lead to a use-after-free, double-free or null pointer dereference. This driver is not enabled in Debian's official kernel configurations. CVE-2022-1974, CVE-2022-1975 Duoming Zhou discovered that the NFC netlink interface was suspectible to denial of service. CVE-2022-2153 "kangel" reported a flaw in the KVM implementation for x86 processors which could lead to a null pointer dereference. CVE-2022-21123, CVE-2022-21125, CVE-2022-21166 Various researchers discovered flaws in Intel x86 processors, collectively referred to as MMIO Stale Data vulnerabilities. These are similar to the previously published Microarchitectural Data Sampling (MDS) issues and could be exploited by local users to leak sensitive information. For some CPUs, the mitigations for these issues require updated microcode. An updated intel-microcode package may be provided at a later date. The updated CPU microcode may also be available as part of a system firmware ("BIOS") update. Further information on the mitigation can be found at <https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html> or in the linux-doc-4.19 package. CVE-2022-23960 Researchers at VUSec discovered that the Branch History Buffer in Arm processors can be exploited to create information side- channels with speculative execution. This issue is similar to Spectre variant 2, but requires additional mitigations on some processors. This was previously mitigated for 32-bit Arm (armel and armhf) architectures and is now also mitigated for 64-bit Arm (arm64). This can be exploited to obtain sensitive information from a different security context, such as from user-space to the kernel, or from a KVM guest to the kernel. CVE-2022-26490 Buffer overflows in the STMicroelectronics ST21NFCA core driver can result in denial of service or privilege escalation. This driver is not enabled in Debian's official kernel configurations. CVE-2022-27666 "valis" reported a possible buffer overflow in the IPsec ESP transformation code. CVE-2022-28356 "Beraphin" discovered that the ANSI/IEEE 802.2 LLC type 2 driver did not properly perform reference counting on some error paths. CVE-2022-28388 A double free vulnerability was discovered in the 8 devices USB2CAN interface driver. CVE-2022-28389 A double free vulnerability was discovered in the Microchip CAN BUS Analyzer interface driver. CVE-2022-28390 A double free vulnerability was discovered in the EMS CPC-USB/ARM7 CAN/USB interface driver. CVE-2022-29581 Kyle Zeng discovered a reference-counting bug in the cls_u32 network classifier which can lead to a use-after-free. CVE-2022-30594 Jann Horn discovered a flaw in the interaction between ptrace and seccomp subsystems. A process sandboxed using seccomp() but still permitted to use ptrace() could exploit this to remove the seccomp restrictions. CVE-2022-32250 Aaron Adams discovered a use-after-free in Netfilter which may result in local privilege escalation to root. CVE-2022-33981 Yuan Ming from Tsinghua University reported a race condition in the floppy driver involving use of the FDRAWCMD ioctl, which could lead to a use-after-free. A local user with access to a floppy drive device could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. This ioctl is now disabled by default. For the oldstable distribution (buster), these problems have been fixed in version 4.19.249-2. Due to an issue in the signing service (Cf. Debian bug #1012741), the vport-vxlan module cannot be loaded for the signed kernel for amd64 in this update. This update also corrects a regression in the network scheduler subsystem (bug #1013299). For the 32-bit Arm (armel and armhf) architectures, this update enables optimised implementations of several cryptographic and CRC algorithms. For at least AES, this should remove a timing side- channel that could lead to a leak of sensitive information. This update includes many more bug fixes from stable updates 4.19.236-4.19.249 inclusive, including for bug #1006346. The random driver has been backported from Linux 5.19, fixing numerous performance and correctness issues. Some changes will be visible: - - The entropy pool size is now 256 bits instead of 4096. You may need to adjust the configuration of system monitoring or user-space entropy gathering services to allow for this. - - On systems without a hardware RNG, the kernel may log more uses of /dev/urandom before it is fully initialised. These uses were previously under-counted and this is not a regression. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmLBuTxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TdzQ//Yxq7eTZmPsDVvj1ArPIDwE4w/CPyoYeXiiSBhWD4ueYAvWp3moPmUZmc a6is1JkP8MILLekkeAUJQjaxjHOn+kWIlfV7ZLJ7fzTrVjkHoQvzs8a8mv85ybaD sfQlVuEA7VPxfJI/4/31fIAuTPy1S+qd3r6qtESL2IQdZPFS8SOHwZrTt9DPGXhl XtY3XNm4fysgRmtDYNpqndluVXeTc39bXe9YBRG1bTdrI9QCTykSx2/HeZDOBiMQ Wb7cjXAUoy0q3c5QncTcqtgN3ax549qx/1oGZGXDlycZFOIE8vHMY3FyBXXURPz4 JgKkSf+NR87aeDi2SREjOm0CIp/laSc1VFxpf0TTT51kuPWhXzsleZ23eN2po106 UTyDFsNtNToHgoDpPFA/3GsioqirzbwwVUs0qKDeFdC1VZjJ5H+1JzO4JPbWGOTo rtoz64JHU9oIA3OJs3rYpgIphd6fzUfia89tuflE5/MkeAWSVP7f0rpUgGQy8gzw TdsN4p7aCLhQezMpFVKADIB1WfkBtXncDrPC//pxxnRZuu2efrlYv6se+dnOJM9/ WeDSm4hsi6u+MH7DBmVhDgjF/gatSbejud8rXYUcVKZArraj9k9rCArxcVKmJHMr 6teKhjSMX1B27AUJtTqSU1eEmErxbA+yEHCSEOW+8JNnLQZWDSI= =j1cH -----END PGP SIGNATURE----- . Summary: The Migration Toolkit for Containers (MTC) 1.7.2 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Solution: For details on how to install and use MTC, refer to: https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2038898 - [UI] ?Update Repository? option not getting disabled after adding the Replication Repository details to the MTC web console 2040693 - ?Replication repository? wizard has no validation for name length 2040695 - [MTC UI] ?Add Cluster? wizard stucks when the cluster name length is more than 63 characters 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048537 - Exposed route host to image registry? connecting successfully to invalid registry ?xyz.com? 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2055658 - [MTC UI] Cancel button on ?Migrations? page does not disappear when migration gets Failed/Succeeded with warnings 2056962 - [MTC UI] UI shows the wrong migration type info after changing the target namespace 2058172 - [MTC UI] Successful Rollback is not showing the green success icon in the ?Last State? field. 2058529 - [MTC UI] Migrations Plan is missing the type for the state migration performed before upgrade 2061335 - [MTC UI] ?Update cluster? button is not getting disabled 2062266 - MTC UI does not display logs properly [OADP-BL] 2062862 - [MTC UI] Clusters page behaving unexpectedly on deleting the remote cluster?s service account secret from backend 2074675 - HPAs of DeploymentConfigs are not being updated when migration from Openshift 3.x to Openshift 4.x 2076593 - Velero pod log missing from UI drop down 2076599 - Velero pod log missing from downloaded logs folder [OADP-BL] 2078459 - [MTC UI] Storageclass conversion plan is adding migstorage reference in migplan 2079252 - [MTC] Rsync options logs not visible in log-reader pod 2082221 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [UI] 2082225 - non-numeric user when launching stage pods [OADP-BL] 2088022 - Default CPU requests on Velero/Restic are too demanding making scheduling fail in certain environments 2088026 - Cloud propagation phase in migration controller is not doing anything due to missing labels on Velero pods 2089126 - [MTC] Migration controller cannot find Velero Pod because of wrong labels 2089411 - [MTC] Log reader pod is missing velero and restic pod logs [OADP-BL] 2089859 - [Crane] DPA CR is missing the required flag - Migration is getting failed at the EnsureCloudSecretPropagated phase due to the missing secret VolumeMounts 2090317 - [MTC] mig-operator failed to create a DPA CR due to null values are passed instead of int [OADP-BL] 2096939 - Fix legacy operator.yml inconsistencies and errors 2100486 - [MTC UI] Target storage class field is not getting respected when clusters don't have replication repo configured. Summary: Red Hat OpenShift Container Platform release 4.9.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.45. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2022:5878 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html Security Fix(es): * openshift: oauth-serving-cert configmap contains cluster certificate private key (CVE-2022-2403) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.45-x86_64 The image digest is sha256:8ab373599e8a010dffb9c7ed45e01c00cb06a7857fe21de102d978be4738b2ec (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.45-s390x The image digest is sha256:1dde8a7134081c82012a812e014daca4cba1095630e6d0c74b51da141d472984 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.45-ppc64le The image digest is sha256:ec1fac628bec05eb6425c2ae9dcd3fca120cd1a8678155350bb4c65813cfc30e All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2009024 - Unable to complete cluster destruction, some ports are left over 2055494 - console operator should report Upgradeable False when SAN-less certs are used 2083554 - post 1.23 rebase: regression in service-load balancer reliability 2087021 - configure-ovs.sh fails, blocking new RHEL node from being scaled up on cluster without manual reboot 2088539 - Openshift route URLs starting with double slashes stopped working after update to 4.8.33 - curl version problems 2091806 - Cluster upgrade stuck due to "resource deletions in progress" 2095320 - [4.9] Bootimage bump tracker 2097157 - [4.9z] During ovnkube-node restart all host conntrack entries are flushed, leading to traffic disruption 2100786 - [OCP 4.9] Ironic cannot match "wwn" rootDeviceHint for a multipath device 2101664 - disabling ipv6 router advertisements using "all" does not disable it on secondary interfaces 2101959 - CVE-2022-2403 openshift: oauth-serving-cert configmap contains cluster certificate private key 2103982 - [4.9] AWS EBS CSI driver stuck removing EBS volumes - GetDeviceMountRefs check failed 2105277 - NetworkPolicies: ovnkube-master pods crashing due to panic: "invalid memory address or nil pointer dereference" 2105453 - Node reboot causes duplicate persistent volumes 2105654 - egressIP panics with nil pointer dereference 2105663 - APIRequestCount does not identify some APIs removed in 4.9 2106655 - Kubelet slowly leaking memory and pods eventually unable to start 2108538 - [4.9.z backport] br-ex not created due to default bond interface having a different mac address than expected 2108619 - ClusterVersion history pruner does not always retain initial completed update entry 5. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYvKietzjgjWX9erEAQjQ7g/+Ok8sWBeaehUxS8YKMtNEdLzO8Eg5TKfA 3MoORr+P+WZIQFy7pN/GeKojlsy1ApnNEnc7j0qC2dibUBfguOWEoAMdds07DwF3 Jw3iANT5sJZv3s4yT9FvYu9Wnwl/iYJ9w8iH19oePFFKg0QtxAWUvSlIvp2eSZ1L yw86wqAzASDqc86Y0fkIvmxopq80lyI//rNqPXsATKq1oGFRstQmfUz+2UxonlMC tVUfRJjlPDZDU57EpBcxWH/TVPV/JdvcQPQEOJ+u+ZVg2H4qEwptqpgjZ4upYbMJ AAIymXUwmX9QHOcXSOiZ+1DZMJawj5ezkqGwQIl919w3bX/m6peQPbBBoYbXLSrS gtRwgshIIZTs6AzOOVm6+XOSKGRR/C9i1YjNUBF6oY4s+wVtYJvtRwdNrKtH7pCT b0FMcLGG0yo/pGuMfB6zmgEn/tEL0IGqoSeN5avb+NObEDYWMGru4sBjdaA66wu4 1JfPAP/yQ7rW0NXleJXjv9Xhdae7b8en9YxlsWLcp/QE8bppT6tjyIW/aVXEZZva /B1ACyosleJYYYYoqqbU97mCaG/LfH/fz7euD9GgJXOCjGNoHAkKe/DOXg7YTSZP aDbtU3ZeESqyRpAJ8nkM4lZLFTxYNmDp+8tWMx6UXQnNRBOMW4bEQRtzTQB+vrWH fzoc8e3L82I=ARFk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5467-1 June 08, 2022 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-azure-fde: Linux kernel for Microsoft Azure cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke: Linux kernel for Google Container Engine (GKE) systems - linux-gkeop: Linux kernel for Google Container Engine (GKE) systems - linux-ibm: Linux kernel for IBM cloud systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems - linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems - linux-gke-5.4: Linux kernel for Google Container Engine (GKE) systems - linux-gkeop-5.4: Linux kernel for Google Container Engine (GKE) systems - linux-hwe-5.4: Linux hardware enablement (HWE) kernel - linux-ibm-5.4: Linux kernel for IBM cloud systems - linux-oracle-5.4: Linux kernel for Oracle Cloud systems - linux-raspi-5.4: Linux kernel for Raspberry Pi systems Details: It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499) Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. (CVE-2022-1966) It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. (CVE-2022-1011) Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest vm could possibly use this to crash the host OS. (CVE-2022-1158) Duoming Zhou discovered that the 6pack protocol implementation in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. (CVE-2022-1198) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. (CVE-2022-1353) It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. (CVE-2022-1516) Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends. (CVE-2022-24958) It was discovered that the USB SR9700 ethernet device driver for the Linux kernel did not properly validate the length of requests from the device. (CVE-2022-28390) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: linux-image-5.4.0-1026-ibm 5.4.0-1026.29 linux-image-5.4.0-1046-gkeop 5.4.0-1046.48 linux-image-5.4.0-1065-raspi 5.4.0-1065.75 linux-image-5.4.0-1068-kvm 5.4.0-1068.72 linux-image-5.4.0-1074-gke 5.4.0-1074.79 linux-image-5.4.0-1076-oracle 5.4.0-1076.83 linux-image-5.4.0-1078-aws 5.4.0-1078.84 linux-image-5.4.0-1078-gcp 5.4.0-1078.84 linux-image-5.4.0-1083-azure 5.4.0-1083.87 linux-image-5.4.0-1083-azure-fde 5.4.0-1083.87+cvm1.1 linux-image-5.4.0-117-generic 5.4.0-117.132 linux-image-5.4.0-117-generic-lpae 5.4.0-117.132 linux-image-5.4.0-117-lowlatency 5.4.0-117.132 linux-image-aws-lts-20.04 5.4.0.1078.79 linux-image-azure-fde 5.4.0.1083.87+cvm1.24 linux-image-azure-lts-20.04 5.4.0.1083.81 linux-image-gcp-lts-20.04 5.4.0.1078.85 linux-image-generic 5.4.0.117.120 linux-image-generic-lpae 5.4.0.117.120 linux-image-gke 5.4.0.1074.83 linux-image-gke-5.4 5.4.0.1074.83 linux-image-gkeop 5.4.0.1046.48 linux-image-gkeop-5.4 5.4.0.1046.48 linux-image-ibm 5.4.0.1026.24 linux-image-ibm-lts-20.04 5.4.0.1026.24 linux-image-kvm 5.4.0.1068.66 linux-image-lowlatency 5.4.0.117.120 linux-image-oem 5.4.0.117.120 linux-image-oem-osp1 5.4.0.117.120 linux-image-oracle-lts-20.04 5.4.0.1076.75 linux-image-raspi 5.4.0.1065.98 linux-image-raspi2 5.4.0.1065.98 linux-image-virtual 5.4.0.117.120 Ubuntu 18.04 LTS: linux-image-5.4.0-1026-ibm 5.4.0-1026.29~18.04.1 linux-image-5.4.0-1046-gkeop 5.4.0-1046.48~18.04.1 linux-image-5.4.0-1065-raspi 5.4.0-1065.75~18.04.1 linux-image-5.4.0-1074-gke 5.4.0-1074.79~18.04.1 linux-image-5.4.0-1076-oracle 5.4.0-1076.83~18.04.1 linux-image-5.4.0-1078-aws 5.4.0-1078.84~18.04.1 linux-image-5.4.0-1083-azure 5.4.0-1083.87~18.04.1 linux-image-5.4.0-117-generic 5.4.0-117.132~18.04.1 linux-image-5.4.0-117-generic-lpae 5.4.0-117.132~18.04.1 linux-image-5.4.0-117-lowlatency 5.4.0-117.132~18.04.1 linux-image-aws 5.4.0.1078.59 linux-image-azure 5.4.0.1083.61 linux-image-generic-hwe-18.04 5.4.0.117.132~18.04.99 linux-image-generic-lpae-hwe-18.04 5.4.0.117.132~18.04.99 linux-image-gke-5.4 5.4.0.1074.79~18.04.37 linux-image-gkeop-5.4 5.4.0.1046.48~18.04.44 linux-image-ibm 5.4.0.1026.41 linux-image-lowlatency-hwe-18.04 5.4.0.117.132~18.04.99 linux-image-oem 5.4.0.117.132~18.04.99 linux-image-oem-osp1 5.4.0.117.132~18.04.99 linux-image-oracle 5.4.0.1076.83~18.04.54 linux-image-raspi-hwe-18.04 5.4.0.1065.65 linux-image-snapdragon-hwe-18.04 5.4.0.117.132~18.04.99 linux-image-virtual-hwe-18.04 5.4.0.117.132~18.04.99 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

authorization issue

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Debian

SOURCES

LAST UPDATE DATE

2024-11-07T19:25:19.669000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE