usn-4912-1
Vulnerability from osv_ubuntu
Published
2021-04-13 21:35
Modified
2026-06-03 10:45
Summary
linux-oem-5.6 vulnerabilities
Details

Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29154)

It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-0423)

It was discovered that the HID multitouch implementation within the Linux kernel did not properly validate input events in some situations. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-0465)

It was discovered that the eventpoll (aka epoll) implementation in the Linux kernel contained a logic error that could lead to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-0466)

It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14351)

It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14390)

It was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-25285)

It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645)

Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669)

Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-27830)

It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-36158)

Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-20194)

Adam Zabrocki discovered that the kprobes subsystem in the Linux kernel did not properly detect linker padding in some situations. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2021-3411)

吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. (CVE-2021-3178)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2020-0423",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-0465",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-0466",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-14351",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-14390",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-25285",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-25645",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-25669",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-27830",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-36158",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-3178",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "negligible",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-3411",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-20194",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2021-29154",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "linux-buildinfo-5.6.0-1053-oem",
            "binary_version": "5.6.0-1053.57"
          },
          {
            "binary_name": "linux-headers-5.6.0-1053-oem",
            "binary_version": "5.6.0-1053.57"
          },
          {
            "binary_name": "linux-image-unsigned-5.6.0-1053-oem",
            "binary_version": "5.6.0-1053.57"
          },
          {
            "binary_name": "linux-modules-5.6.0-1053-oem",
            "binary_version": "5.6.0-1053.57"
          },
          {
            "binary_name": "linux-oem-5.6-headers-5.6.0-1053",
            "binary_version": "5.6.0-1053.57"
          },
          {
            "binary_name": "linux-oem-5.6-tools-5.6.0-1053",
            "binary_version": "5.6.0-1053.57"
          },
          {
            "binary_name": "linux-oem-5.6-tools-host",
            "binary_version": "5.6.0-1053.57"
          },
          {
            "binary_name": "linux-tools-5.6.0-1053-oem",
            "binary_version": "5.6.0-1053.57"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:20.04:LTS",
        "name": "linux-oem-5.6",
        "purl": "pkg:deb/ubuntu/linux-oem-5.6@5.6.0-1053.57?arch=source\u0026distro=focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.6.0-1053.57"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.6.0-1007.7",
        "5.6.0-1008.8",
        "5.6.0-1010.10",
        "5.6.0-1011.11",
        "5.6.0-1013.13",
        "5.6.0-1017.17",
        "5.6.0-1018.18",
        "5.6.0-1020.20",
        "5.6.0-1021.21",
        "5.6.0-1023.23",
        "5.6.0-1026.26",
        "5.6.0-1027.27",
        "5.6.0-1028.28",
        "5.6.0-1031.32",
        "5.6.0-1032.33",
        "5.6.0-1033.35",
        "5.6.0-1034.36",
        "5.6.0-1035.37",
        "5.6.0-1036.39",
        "5.6.0-1039.43",
        "5.6.0-1042.46",
        "5.6.0-1047.51",
        "5.6.0-1048.52",
        "5.6.0-1050.54",
        "5.6.0-1052.56"
      ]
    }
  ],
  "aliases": [],
  "details": "Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux\nkernel did not properly validate computation of branch displacements in\nsome situations. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2021-29154)\n\nIt was discovered that a race condition existed in the binder IPC\nimplementation in the Linux kernel, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2020-0423)\n\nIt was discovered that the HID multitouch implementation within the Linux\nkernel did not properly validate input events in some situations. A\nphysically proximate attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2020-0465)\n\nIt was discovered that the eventpoll (aka epoll) implementation in the\nLinux kernel contained a logic error that could lead to a use after free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2020-0466)\n\nIt was discovered that a race condition existed in the perf subsystem of\nthe Linux kernel, leading to a use-after-free vulnerability. An attacker\nwith access to the perf subsystem could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2020-14351)\n\nIt was discovered that the frame buffer implementation in the Linux kernel\ndid not properly handle some edge cases in software scrollback. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2020-14390)\n\nIt was discovered that a race condition existed in the hugetlb sysctl\nimplementation in the Linux kernel. A privileged attacker could use this to\ncause a denial of service (system crash). (CVE-2020-25285)\n\nIt was discovered that the GENEVE tunnel implementation in the Linux kernel\nwhen combined with IPSec did not properly select IP routes in some\nsituations. An attacker could use this to expose sensitive information\n(unencrypted network traffic). (CVE-2020-25645)\n\nBodong Zhao discovered a use-after-free in the Sun keyboard driver\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service or possibly execute arbitrary code.\n(CVE-2020-25669)\n\nShisong Qin and Bodong Zhao discovered that Speakup screen reader driver in\nthe Linux kernel did not correctly handle setting line discipline in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2020-27830)\n\nIt was discovered that the Marvell WiFi-Ex device driver in the Linux\nkernel did not properly validate ad-hoc SSIDs. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2020-36158)\n\nLoris Reiff discovered that the BPF implementation in the Linux kernel did\nnot properly validate attributes in the getsockopt BPF hook. A local\nattacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2021-20194)\n\nAdam Zabrocki discovered that the kprobes subsystem in the Linux kernel did\nnot properly detect linker padding in some situations. A privileged\nattacker could use this to cause a denial of service (system crash) or\npossibly expose sensitive information. (CVE-2021-3411)\n\n\u5434\u5f02 discovered that the NFS implementation in the Linux kernel did not\nproperly prevent access outside of an NFS export that is a subdirectory of\na file system. An attacker could possibly use this to bypass NFS access\nrestrictions. (CVE-2021-3178)\n",
  "id": "USN-4912-1",
  "modified": "2026-06-03T10:45:25Z",
  "published": "2021-04-13T21:35:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-4912-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-0423"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-0465"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-0466"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-14351"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-14390"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-25285"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-25645"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-25669"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-27830"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-36158"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-3178"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-3411"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-20194"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2021-29154"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "linux-oem-5.6 vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2020-0423",
    "UBUNTU-CVE-2020-0465",
    "UBUNTU-CVE-2020-0466",
    "UBUNTU-CVE-2020-14351",
    "UBUNTU-CVE-2020-14390",
    "UBUNTU-CVE-2020-25285",
    "UBUNTU-CVE-2020-25645",
    "UBUNTU-CVE-2020-25669",
    "UBUNTU-CVE-2020-27830",
    "UBUNTU-CVE-2020-36158",
    "UBUNTU-CVE-2021-3178",
    "UBUNTU-CVE-2021-3411",
    "UBUNTU-CVE-2021-20194",
    "UBUNTU-CVE-2021-29154"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…