Merge ~bromer/usn.ubuntu.com/+git/lsn:lsn into usn.ubuntu.com:master

Proposed by Ben Romer
Status: Merged
Merged at revision: 82fa605613bbbe46eff60b0845ae7214e26b8cb3
Proposed branch: ~bromer/usn.ubuntu.com/+git/lsn:lsn
Merge into: usn.ubuntu.com:master
Diff against target: 103 lines (+97/-0)
1 file modified
content/lsn/0073-1.md (+97/-0)
Reviewer Review Type Date Requested Status
USN Website Team Pending
Review via email: mp+392706@code.launchpad.net

Preview Diff

diff --git a/content/lsn/0073-1.md b/content/lsn/0073-1.md
0new file mode 1006440new file mode 100644
index 0000000..0c43350
--- /dev/null
+++ b/content/lsn/0073-1.md
@@ -0,0 +1,97 @@
1---
2title: "LSN-0073-1: Kernel Live Patch Security Notice"
3permalink: /lsn/0073-1/index.html
4releases: [ubuntu-20.04-lts,ubuntu-18.04-lts]
5date: 2020-10-23 09:23:57
6description: "Several security issues were fixed in the kernel."
7---
8
9## Linux kernel vulnerabilities
10
11A security issue affects these releases of Ubuntu and its derivatives:
12
13* Ubuntu 18.04 LTS
14* Ubuntu 20.04 LTS
15
16### Summary
17
18Several security issues were fixed in the kernel.
19
20### Software Description
21
22* linux - Linux kernel
23* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
24* linux-azure - Linux kernel for Microsoft Azure Cloud systems
25* linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
26* linux-oem - Linux kernel for OEM systems
27
28### Details
29
30Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
31kernel contained a type-confusion error. A physically proximate remote
32attacker could use this to cause a denial of service (system crash) or
33possibly execute arbitrary code. (CVE-2020-12351)
34
35Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
36kernel did not properly initialize memory in some situations. A physically
37proximate remote attacker could use this to expose sensitive information
38(kernel memory). (CVE-2020-12352)
39
40Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
41Linux kernel did not properly handle event advertisements of certain sizes,
42leading to a heap-based buffer overflow. A physically proximate remote
43attacker could use this to cause a denial of service (system crash) or
44possibly execute arbitrary code. (CVE-2020-24490)
45
46## Update instructions
47
48The problem can be corrected by updating your kernel livepatch to the following
49versions:
50
51Ubuntu 18.04 LTS
52: aws - 73.1
53: generic - 73.1
54: lowlatency - 73.1
55: oem - 73.1
56
57Ubuntu 20.04 LTS
58: aws - 73.1
59: azure - 73.1
60: gcp - 73.1
61: generic - 73.1
62: lowlatency - 73.1
63
64## Support Information
65
66Kernels older than the levels listed below do not receive livepatch
67updates. If you are running a kernel version earlier than the one listed
68below, please upgrade your kernel as soon as possible.
69
70Ubuntu 18.04 LTS
71: linux-aws - 4.15.0-1054
72: linux-azure - 5.0.0-1025
73: linux-gcp - 5.0.0-1025
74: linux-oem - 4.15.0-1063
75: linux - 4.15.0-69
76
77Ubuntu 20.04 LTS
78: linux-aws - 5.4.0-1009
79: linux-azure - 5.4.0-1010
80: linux-gcp - 5.4.0-1009
81: linux-oem - 5.4.0-26
82: linux - 5.4.0-26
83
84Ubuntu 16.04 LTS
85: linux-aws - 4.4.0-1098
86: linux-azure - 4.15.0-1063
87: linux-hwe - 4.15.0-69
88: linux - 4.4.0-168
89
90Ubuntu 14.04 ESM
91: linux-lts-xenial - 4.4.0-168
92
93## References
94
95* [CVE-2020-12351](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12351)
96* [CVE-2020-12352](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12352)
97* [CVE-2020-24490](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24490)
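
Review bot: The flavor lists under "Update instructions" and "Support Information" do not line up, so some readers cannot tell whether a livepatch exists for their kernel. For Ubuntu 18.04 LTS the update list has aws, generic, lowlatency and oem, while the support list also names linux-azure and linux-gcp; for Ubuntu 20.04 LTS the update list omits oem although "linux-oem - 5.4.0-26" appears under support. The support section also carries Ubuntu 16.04 LTS and Ubuntu 14.04 ESM entries, which neither the `releases:` front matter nor the affected-releases list mentions. Suggest either adding a sentence that says which flavors and releases receive no 73.1 livepatch for these CVEs, or trimming the support list to the releases this notice covers. Minor wording point: "A security issue affects these releases" is singular, while the summary and description say "Several security issues were fixed".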
