Canonical Ubuntu Linux vulnerabilities

CVE-2021-32549 [MEDIUM] CWE-59 CVE-2021-32549: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.

CVE-2021-32551 [MEDIUM] CWE-59 CVE-2021-32551: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.

CVE-2021-32554 [MEDIUM] CWE-59 CVE-2021-32554: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.

CVE-2021-32552 [MEDIUM] CWE-59 CVE-2021-32552: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.

CVE-2021-32547 [MEDIUM] CWE-59 CVE-2021-32547: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.

CVE-2021-32555 [MEDIUM] CWE-59 CVE-2021-32555: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.

CVE-2021-3489 [HIGH] CWE-119 CVE-2021-3489: The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringb

CVE-2021-3491 [HIGH] CWE-131 CVE-2021-3491: The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROV The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc//mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate

CVE-2021-3490 [HIGH] CWE-20 CVE-2021-3490: The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properl The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations")

CVE-2020-15078 [HIGH] CWE-305 CVE-2020-15078: OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access con OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

CVE-2021-3492 [HIGH] CWE-401 CVE-2021-3492: Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly hand Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing

CVE-2021-3493 [HIGH] CWE-270 CVE-2021-3493: The overlayfs implementation in the linux kernel did not properly validate with respect to user name The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain

CVE-2013-1054 [MEDIUM] CWE-404 CVE-2013-1054: The unity-firefox-extension package could be tricked into destroying the Unity webapps context, caus The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.

CVE-2013-1055 [MEDIUM] CWE-404 CVE-2013-1055: The unity-firefox-extension package could be tricked into dropping a C callback which was still in u The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of u

CVE-2021-3444 [HIGH] CWE-681 CVE-2021-3444: The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation w The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could pote

CVE-2020-27170 [MEDIUM] CWE-203 CVE-2020-27170: An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirabl An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.

CVE-2020-27171 [MEDIUM] CWE-193 CVE-2020-27171: An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one e An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.

CVE-2021-27364 [HIGH] CWE-125 CVE-2021-27364: An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is a An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.

CVE-2020-16120 [MEDIUM] CWE-266 CVE-2020-16120: Overlayfs did not properly perform permission checking when copying up files in an overlayfs and cou Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device.

CVE-2020-16119 [HIGH] CWE-416 CVE-2020-16119: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a D Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.