


Urgent: Ubuntu update! Kernel vulnerability discovered that could lead to denial of service or arbitrary code execution
Ubuntu is a Linux operating system mainly based on desktop applications. It is open source free software that provides a robust, feature-rich computing environment suitable for both home use and business environments. Ubuntu provides commercial support to hundreds of companies around the world.
On December 2, Ubuntu released a security update that fixed important vulnerabilities such as system kernel denial of service and arbitrary code execution. The following are the vulnerability details:
Vulnerability details
Source: https://ubuntu.com/security/notices/USN-4658-1
1.CVE-2020-0423 CVSS score: 7.8 High
A race condition exists in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could exploit this vulnerability to cause a denial of service (system crash) or possibly execute arbitrary code.
2.CVE-2020-25645 CVSS Rating: 7.5 High
The GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not correctly select IP routes in some cases. An attacker could exploit this vulnerability to expose sensitive information (unencrypted network traffic).
3.CVE-2020-25643 CVSS Rating: 7.2 High
The hdlcppp implementation in the Linux kernel does not validate input correctly in some cases. A local attacker could exploit this vulnerability to cause a denial of service (system crash) or possibly execute arbitrary code.
4.CVE-2020-25211 CVSS Rating: 6.0 Medium
The netfilter connection tracker for netlink in the Linux kernel does not perform bounds checking correctly in some cases. A local attacker could exploit this vulnerability to cause a denial of service (system crash)
5.CVE-2020-14390 CVSS Rating: 5.6 Medium
It was discovered that the framebuffer implementation in the Linux kernel does not correctly handle some edge cases in software rollback. A local attacker could exploit this vulnerability to cause a denial of service (system crash) or possibly execute arbitrary code
6.CVE-2020-28915 CVSS Rating: 5.5 Medium
In some cases, it was discovered in the Linux kernel implementation that it did not perform framebuffer checks correctly. A local attacker could exploit this vulnerability to expose sensitive information (kernel memory).
7.CVE-2020-10135 CVSS Rating: 5.4 Medium
Legacy Pairing and Secure Connection Pairing Authentication in the Bluetooth protocol allows unauthenticated users to complete authentication with adjacent access without pairing credentials. A physically proximate attacker could exploit this to impersonate a previously paired Bluetooth device.
8.CVE-2020-25284 CVSS Rating: 4.1 Low
The Rados block device (rbd) driver in the Linux kernel does not properly perform access checks on rbd devices in some cases. A local attacker can use this feature to map or unmap the rbd block device.
9.CVE-2020-4788 CVSS Rating: 2.9 Low
Under certain circumstances, power9 processors may be forced to expose information from the L1 cache. A local attacker could exploit this vulnerability to expose sensitive information
Affected products and versions
This vulnerability affects Ubuntu 20.04 LTS and Ubuntu 18.04 LTS
solution
This issue can be resolved by updating the system to the following package versions:
Ubuntu 20.04:
linux-image-5.4.0-1028-kvm - 5.4.0-1028.29
linux-image-5.4.0-1030-aws - 5.4.0-1030.31
linux-image-5.4.0-1030-gcp - 5.4.0-1030.32
linux-image-5.4.0-1030-oracle - 5.4.0-1030.32
linux-image-5.4.0-1032-azure - 5.4.0-1032.33
linux-image-5.4.0-56-generic - 5.4.0-56.62
linux-image-5.4.0-56-generic-lpae - 5.4.0-56.62
linux-image-5.4.0-56-lowlatency - 5.4.0-56.62
linux-image-aws-5.4.0.1030.31
linux-image-azure-5.4.0.1032.30
linux-image-gcp-5.4.0.1030.38
linux-image-generic-5.4.0.56.59
linux-image-generic-hwe-20.04-5.4.0.56.59
linux-image-generic-lpae-5.4.0.56.59
linux-image-generic-lpae-hwe-20.04-5.4.0.56.59
linux-image-gke-5.4.0.1030.38
linux-image-kvm-5.4.0.1028.26
linux-image-lowlatency-5.4.0.56.59
linux-image-lowlatency-hwe-20.04-5.4.0.56.59
linux-image-oem-5.4.0.56.59
linux-image-oem-osp1-5.4.0.56.59
linux-image-oracle-5.4.0.1030.27
linux-image-virtual-5.4.0.56.59
linux-image-virtual-hwe-20.04-5.4.0.56.59
Ubuntu 18.04:
linux-image-5.4.0-1030-aws - 5.4.0-1030.31~18.04.1
linux-image-5.4.0-1030-gcp - 5.4.0-1030.32~18.04.1
linux-image-5.4.0-1030-oracle - 5.4.0-1030.32~18.04.1
linux-image-5.4.0-1032-azure - 5.4.0-1032.33~18.04.1
linux-image-5.4.0-56-generic - 5.4.0-56.62~18.04.1
linux-image-5.4.0-56-generic-lpae - 5.4.0-56.62~18.04.1
linux-image-5.4.0-56-lowlatency - 5.4.0-56.62~18.04.1
linux-image-aws-5.4.0.1030.15
linux-image-azure-5.4.0.1032.14
linux-image-gcp-5.4.0.1030.18
linux-image-generic-hwe-18.04-5.4.0.56.62~18.04.50
linux-image-generic-lpae-hwe-18.04-5.4.0.56.62~18.04.50
linux-image-lowlatency-hwe-18.04-5.4.0.56.62~18.04.50
linux-image-oem-osp1-5.4.0.56.62~18.04.50
linux-image-oracle-5.4.0.1030.14
linux-image-snapdragon-hwe-18.04-5.4.0.56.62~18.04.50
linux-image-virtual-hwe-18.04-5.4.0.56.62~18.04.50
For more vulnerability information and upgrades, please visit the official website:
https://www.php.cn/link/9c0badf6e91e4834393525f7dca1291d
The above is the detailed content of Urgent: Ubuntu update! Kernel vulnerability discovered that could lead to denial of service or arbitrary code execution. For more information, please follow other related articles on the PHP Chinese website!


For years, Linux software distribution relied on native formats like DEB and RPM, deeply ingrained in each distribution's ecosystem. However, Flatpak and Snap have emerged, promising a universal approach to application packaging. This article exami

The differences between Linux and Windows in handling device drivers are mainly reflected in the flexibility of driver management and the development environment. 1. Linux adopts a modular design, and the driver can be loaded and uninstalled dynamically. Developers need to have an in-depth understanding of the kernel mechanism. 2. Windows relies on the Microsoft ecosystem, and the driver needs to be developed through WDK and signed and certified. The development is relatively complex but ensures the stability and security of the system.

The security models of Linux and Windows each have their own advantages. Linux provides flexibility and customizability, enabling security through user permissions, file system permissions, and SELinux/AppArmor. Windows focuses on user-friendliness and relies on WindowsDefender, UAC, firewall and BitLocker to ensure security.

Linux and Windows differ in hardware compatibility: Windows has extensive driver support, and Linux depends on the community and vendors. To solve Linux compatibility problems, you can manually compile drivers, such as cloning RTL8188EU driver repository, compiling and installing; Windows users need to manage drivers to optimize performance.

The main differences between Linux and Windows in virtualization support are: 1) Linux provides KVM and Xen, with outstanding performance and flexibility, suitable for high customization environments; 2) Windows supports virtualization through Hyper-V, with a friendly interface, and is closely integrated with the Microsoft ecosystem, suitable for enterprises that rely on Microsoft software.

The main tasks of Linux system administrators include system monitoring and performance tuning, user management, software package management, security management and backup, troubleshooting and resolution, performance optimization and best practices. 1. Use top, htop and other tools to monitor system performance and tune it. 2. Manage user accounts and permissions through useradd commands and other commands. 3. Use apt and yum to manage software packages to ensure system updates and security. 4. Configure a firewall, monitor logs, and perform data backup to ensure system security. 5. Troubleshoot and resolve through log analysis and tool use. 6. Optimize kernel parameters and application configuration, and follow best practices to improve system performance and stability.

Learning Linux is not difficult. 1.Linux is an open source operating system based on Unix and is widely used in servers, embedded systems and personal computers. 2. Understanding file system and permission management is the key. The file system is hierarchical, and permissions include reading, writing and execution. 3. Package management systems such as apt and dnf make software management convenient. 4. Process management is implemented through ps and top commands. 5. Start learning from basic commands such as mkdir, cd, touch and nano, and then try advanced usage such as shell scripts and text processing. 6. Common errors such as permission problems can be solved through sudo and chmod. 7. Performance optimization suggestions include using htop to monitor resources, cleaning unnecessary files, and using sy


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool

SublimeText3 Linux new version
SublimeText3 Linux latest version

mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

Dreamweaver Mac version
Visual web development tools
