High
Canonical Ubuntu
Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this cause a denial of service. (CVE-2021-20317) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389)
CVEs contained in this USN include: CVE-2021-3760, CVE-2021-43389, CVE-2021-4002, CVE-2021-20317, CVE-2021-20321, CVE-2021-41864.
Severity is high unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2022-03-08: Initial vulnerability report published.
CPE | Name | Operator | Version |
---|---|---|---|
bionic stemcells | lt | 1.54 | |
cflinuxfs3 | lt | 0.272.0 | |
cf deployment | lt | 18.0.0 |