Test ID:	1.3.6.1.4.1.25623.1.0.845006
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5016-1)
Summary:	The remote host is missing an update for the 'linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi' package(s) announced via the USN-5016-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi' package(s) announced via the USN-5016-1 advisory. Vulnerability Insight: It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134) It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506) Affected Software/OS: 'linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi' package(s) on Ubuntu 20.04, Ubuntu 20.10. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-23134 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN/ https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d https://www.openwall.com/lists/oss-security/2021/05/11/4 https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html Common Vulnerability Exposure (CVE) ID: CVE-2021-32399 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80 https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80 http://www.openwall.com/lists/oss-security/2021/05/11/2 Common Vulnerability Exposure (CVE) ID: CVE-2021-33034 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/ https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1 Common Vulnerability Exposure (CVE) ID: CVE-2021-33909 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b https://security.netapp.com/advisory/ntap-20210819-0004/ Debian Security Information: DSA-4941 (Google Search) https://www.debian.org/security/2021/dsa-4941 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4UHHIGISO3FVRF4CQNJS4IKA25ATSFU/ http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html https://www.openwall.com/lists/oss-security/2021/07/20/1 https://www.oracle.com/security-alerts/cpujan2022.html https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html http://www.openwall.com/lists/oss-security/2021/07/22/7 http://www.openwall.com/lists/oss-security/2021/08/25/10 http://www.openwall.com/lists/oss-security/2021/09/17/2 http://www.openwall.com/lists/oss-security/2021/09/17/4 http://www.openwall.com/lists/oss-security/2021/09/21/1 Common Vulnerability Exposure (CVE) ID: CVE-2021-3506 https://bugzilla.redhat.com/show_bug.cgi?id=1944298 https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html https://www.openwall.com/lists/oss-security/2021/03/28/2 http://www.openwall.com/lists/oss-security/2021/05/08/1
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.