search
HomeSystem TutorialLINUXUrgent: Ubuntu update! Kernel vulnerability discovered that could lead to denial of service or arbitrary code execution

Ubuntu is a Linux operating system mainly based on desktop applications. It is open source free software that provides a robust, feature-rich computing environment suitable for both home use and business environments. Ubuntu provides commercial support to hundreds of companies around the world.

请尽快升级Ubuntu! 内核发现拒绝服务或执行任意代码漏洞

On December 2, Ubuntu released a security update that fixed important vulnerabilities such as system kernel denial of service and arbitrary code execution. The following are the vulnerability details:

Vulnerability details

Source: https://ubuntu.com/security/notices/USN-4658-1

1.CVE-2020-0423 CVSS score: 7.8 High

A race condition exists in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could exploit this vulnerability to cause a denial of service (system crash) or possibly execute arbitrary code.

2.CVE-2020-25645 CVSS Rating: 7.5 High

The GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not correctly select IP routes in some cases. An attacker could exploit this vulnerability to expose sensitive information (unencrypted network traffic).

3.CVE-2020-25643 CVSS Rating: 7.2 High

The hdlcppp implementation in the Linux kernel does not validate input correctly in some cases. A local attacker could exploit this vulnerability to cause a denial of service (system crash) or possibly execute arbitrary code.

4.CVE-2020-25211 CVSS Rating: 6.0 Medium

The netfilter connection tracker for netlink in the Linux kernel does not perform bounds checking correctly in some cases. A local attacker could exploit this vulnerability to cause a denial of service (system crash)

5.CVE-2020-14390 CVSS Rating: 5.6 Medium

It was discovered that the framebuffer implementation in the Linux kernel does not correctly handle some edge cases in software rollback. A local attacker could exploit this vulnerability to cause a denial of service (system crash) or possibly execute arbitrary code

6.CVE-2020-28915 CVSS Rating: 5.5 Medium

In some cases, it was discovered in the Linux kernel implementation that it did not perform framebuffer checks correctly. A local attacker could exploit this vulnerability to expose sensitive information (kernel memory).

7.CVE-2020-10135 CVSS Rating: 5.4 Medium

Legacy Pairing and Secure Connection Pairing Authentication in the Bluetooth protocol allows unauthenticated users to complete authentication with adjacent access without pairing credentials. A physically proximate attacker could exploit this to impersonate a previously paired Bluetooth device.

8.CVE-2020-25284 CVSS Rating: 4.1 Low

The Rados block device (rbd) driver in the Linux kernel does not properly perform access checks on rbd devices in some cases. A local attacker can use this feature to map or unmap the rbd block device.

9.CVE-2020-4788 CVSS Rating: 2.9 Low

Under certain circumstances, power9 processors may be forced to expose information from the L1 cache. A local attacker could exploit this vulnerability to expose sensitive information

Affected products and versions

This vulnerability affects Ubuntu 20.04 LTS and Ubuntu 18.04 LTS

solution

This issue can be resolved by updating the system to the following package versions:

Ubuntu 20.04:

linux-image-5.4.0-1028-kvm - 5.4.0-1028.29

linux-image-5.4.0-1030-aws - 5.4.0-1030.31

linux-image-5.4.0-1030-gcp - 5.4.0-1030.32

linux-image-5.4.0-1030-oracle - 5.4.0-1030.32

linux-image-5.4.0-1032-azure - 5.4.0-1032.33

linux-image-5.4.0-56-generic - 5.4.0-56.62

linux-image-5.4.0-56-generic-lpae - 5.4.0-56.62

linux-image-5.4.0-56-lowlatency - 5.4.0-56.62

linux-image-aws-5.4.0.1030.31

linux-image-azure-5.4.0.1032.30

linux-image-gcp-5.4.0.1030.38

linux-image-generic-5.4.0.56.59

linux-image-generic-hwe-20.04-5.4.0.56.59

linux-image-generic-lpae-5.4.0.56.59

linux-image-generic-lpae-hwe-20.04-5.4.0.56.59

linux-image-gke-5.4.0.1030.38

linux-image-kvm-5.4.0.1028.26

linux-image-lowlatency-5.4.0.56.59

linux-image-lowlatency-hwe-20.04-5.4.0.56.59

linux-image-oem-5.4.0.56.59

linux-image-oem-osp1-5.4.0.56.59

linux-image-oracle-5.4.0.1030.27

linux-image-virtual-5.4.0.56.59

linux-image-virtual-hwe-20.04-5.4.0.56.59

Ubuntu 18.04:

linux-image-5.4.0-1030-aws - 5.4.0-1030.31~18.04.1

linux-image-5.4.0-1030-gcp - 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1030-oracle - 5.4.0-1030.32~18.04.1

linux-image-5.4.0-1032-azure - 5.4.0-1032.33~18.04.1

linux-image-5.4.0-56-generic - 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-generic-lpae - 5.4.0-56.62~18.04.1

linux-image-5.4.0-56-lowlatency - 5.4.0-56.62~18.04.1

linux-image-aws-5.4.0.1030.15

linux-image-azure-5.4.0.1032.14

linux-image-gcp-5.4.0.1030.18

linux-image-generic-hwe-18.04-5.4.0.56.62~18.04.50

linux-image-generic-lpae-hwe-18.04-5.4.0.56.62~18.04.50

linux-image-lowlatency-hwe-18.04-5.4.0.56.62~18.04.50

linux-image-oem-osp1-5.4.0.56.62~18.04.50

linux-image-oracle-5.4.0.1030.14

linux-image-snapdragon-hwe-18.04-5.4.0.56.62~18.04.50

linux-image-virtual-hwe-18.04-5.4.0.56.62~18.04.50

For more vulnerability information and upgrades, please visit the official website:

https://www.php.cn/link/9c0badf6e91e4834393525f7dca1291d

The above is the detailed content of Urgent: Ubuntu update! Kernel vulnerability discovered that could lead to denial of service or arbitrary code execution. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:脚本之家. If there is any infringement, please contact admin@php.cn delete
The Future of Linux Software: Will Flatpak and Snap Replace Native Desktop Apps?The Future of Linux Software: Will Flatpak and Snap Replace Native Desktop Apps?Apr 25, 2025 am 09:10 AM

For years, Linux software distribution relied on native formats like DEB and RPM, deeply ingrained in each distribution's ecosystem. However, Flatpak and Snap have emerged, promising a universal approach to application packaging. This article exami

What are the differences in how Linux and Windows handle device drivers?What are the differences in how Linux and Windows handle device drivers?Apr 25, 2025 am 12:13 AM

The differences between Linux and Windows in handling device drivers are mainly reflected in the flexibility of driver management and the development environment. 1. Linux adopts a modular design, and the driver can be loaded and uninstalled dynamically. Developers need to have an in-depth understanding of the kernel mechanism. 2. Windows relies on the Microsoft ecosystem, and the driver needs to be developed through WDK and signed and certified. The development is relatively complex but ensures the stability and security of the system.

Compare and contrast the security models of Linux and Windows.Compare and contrast the security models of Linux and Windows.Apr 24, 2025 am 12:03 AM

The security models of Linux and Windows each have their own advantages. Linux provides flexibility and customizability, enabling security through user permissions, file system permissions, and SELinux/AppArmor. Windows focuses on user-friendliness and relies on WindowsDefender, UAC, firewall and BitLocker to ensure security.

How does hardware compatibility differ between Linux and Windows?How does hardware compatibility differ between Linux and Windows?Apr 23, 2025 am 12:15 AM

Linux and Windows differ in hardware compatibility: Windows has extensive driver support, and Linux depends on the community and vendors. To solve Linux compatibility problems, you can manually compile drivers, such as cloning RTL8188EU driver repository, compiling and installing; Windows users need to manage drivers to optimize performance.

What are the differences in virtualization support between Linux and Windows?What are the differences in virtualization support between Linux and Windows?Apr 22, 2025 pm 06:09 PM

The main differences between Linux and Windows in virtualization support are: 1) Linux provides KVM and Xen, with outstanding performance and flexibility, suitable for high customization environments; 2) Windows supports virtualization through Hyper-V, with a friendly interface, and is closely integrated with the Microsoft ecosystem, suitable for enterprises that rely on Microsoft software.

What are the main tasks of a Linux system administrator?What are the main tasks of a Linux system administrator?Apr 19, 2025 am 12:23 AM

The main tasks of Linux system administrators include system monitoring and performance tuning, user management, software package management, security management and backup, troubleshooting and resolution, performance optimization and best practices. 1. Use top, htop and other tools to monitor system performance and tune it. 2. Manage user accounts and permissions through useradd commands and other commands. 3. Use apt and yum to manage software packages to ensure system updates and security. 4. Configure a firewall, monitor logs, and perform data backup to ensure system security. 5. Troubleshoot and resolve through log analysis and tool use. 6. Optimize kernel parameters and application configuration, and follow best practices to improve system performance and stability.

Is it hard to learn Linux?Is it hard to learn Linux?Apr 18, 2025 am 12:23 AM

Learning Linux is not difficult. 1.Linux is an open source operating system based on Unix and is widely used in servers, embedded systems and personal computers. 2. Understanding file system and permission management is the key. The file system is hierarchical, and permissions include reading, writing and execution. 3. Package management systems such as apt and dnf make software management convenient. 4. Process management is implemented through ps and top commands. 5. Start learning from basic commands such as mkdir, cd, touch and nano, and then try advanced usage such as shell scripts and text processing. 6. Common errors such as permission problems can be solved through sudo and chmod. 7. Performance optimization suggestions include using htop to monitor resources, cleaning unnecessary files, and using sy

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

MinGW - Minimalist GNU for Windows

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

PhpStorm Mac version

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

SublimeText3 Linux new version

SublimeText3 Linux new version

SublimeText3 Linux latest version

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

Dreamweaver Mac version

Dreamweaver Mac version

Visual web development tools