Lucene search
Ubuntu Security Notice (C) 2021-2024 Canonical, Inc. / NASL script (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4689-2.NASLHistoryJan 12, 2021 - 12:00 a.m.
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4689-2)
2021-01-1200:00:00
Ubuntu Security Notice (C) 2021-2024 Canonical, Inc. / NASL script (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.6%
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4689-2 advisory.
-
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure. (CVE-2021-1052)
-
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service. (CVE-2021-1053)
-
NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. (CVE-2021-1056)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4689-2. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('compat.inc');
if (description)
{
script_id(144869);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");
script_cve_id("CVE-2021-1052", "CVE-2021-1053", "CVE-2021-1056");
script_xref(name:"USN", value:"4689-2");
script_name(english:"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4689-2)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as
referenced in the USN-4689-2 advisory.
- NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode
layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy
privileged APIs, which may lead to denial of service, escalation of privileges, and information
disclosure. (CVE-2021-1052)
- NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode
layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may
lead to denial of service. (CVE-2021-1053)
- NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer
(nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU
device-level isolation, which may lead to denial of service or information disclosure. (CVE-2021-1056)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4689-2");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-1052");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/08");
script_set_attribute(attribute:"patch_publication_date", value:"2021/01/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1063-oracle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1092-aws");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1104-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-130-generic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-130-generic-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-130-lowlatency");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1034-gcp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1035-oracle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1036-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-60-generic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-60-generic-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-60-lowlatency");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.6.0-1042-oem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-36-generic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-36-generic-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-36-lowlatency");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2021-2024 Canonical, Inc. / NASL script (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
include('ksplice.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var kernel_mappings = {
'18.04': {
'4.15.0': {
'generic': '4.15.0-130',
'generic-lpae': '4.15.0-130',
'lowlatency': '4.15.0-130',
'oracle': '4.15.0-1063',
'aws': '4.15.0-1092',
'azure': '4.15.0-1104'
},
'5.4.0': {
'generic': '5.4.0-60',
'generic-lpae': '5.4.0-60',
'lowlatency': '5.4.0-60',
'gcp': '5.4.0-1034',
'oracle': '5.4.0-1035',
'azure': '5.4.0-1036'
}
},
'20.04': {
'5.4.0': {
'generic': '5.4.0-60',
'generic-lpae': '5.4.0-60',
'lowlatency': '5.4.0-60',
'gcp': '5.4.0-1034',
'oracle': '5.4.0-1035',
'azure': '5.4.0-1036'
},
'5.6.0': {
'oem': '5.6.0-1042'
},
'5.8.0': {
'generic': '5.8.0-36',
'generic-lpae': '5.8.0-36',
'lowlatency': '5.8.0-36'
}
}
};
var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);
var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
else
{
audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4689-2');
}
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
var cve_list = make_list('CVE-2021-1052', 'CVE-2021-1053', 'CVE-2021-1056');
if (ksplice_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4689-2');
}
else
{
extra = extra + ksplice_reporting_text();
}
}
if (extra) {
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | 18.04 | cpe:/o:canonical:ubuntu_linux:18.04:-:lts |
| canonical | ubuntu_linux | 20.04 | cpe:/o:canonical:ubuntu_linux:20.04:-:lts |
| canonical | ubuntu_linux | linux-image-4.15.0-1063-oracle | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1063-oracle |
| canonical | ubuntu_linux | linux-image-4.15.0-1092-aws | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1092-aws |
| canonical | ubuntu_linux | linux-image-4.15.0-1104-azure | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1104-azure |
| canonical | ubuntu_linux | linux-image-4.15.0-130-generic | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-130-generic |
| canonical | ubuntu_linux | linux-image-4.15.0-130-generic-lpae | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-130-generic-lpae |
| canonical | ubuntu_linux | linux-image-4.15.0-130-lowlatency | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-130-lowlatency |
| canonical | ubuntu_linux | linux-image-5.4.0-1034-gcp | p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1034-gcp |
| canonical | ubuntu_linux | linux-image-5.4.0-1035-oracle | p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1035-oracle |
Related
openvas
openvas
Ubuntu: Security Advisory (USN-4689-4)
2021-01-21 00:00:00
Mageia: Security Advisory (MGASA-2021-0026)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-4689-1)
2021-01-12 00:00:00
osv
osv
ubuntu
ubuntu
NVIDIA graphics drivers vulnerabilities
2021-01-11 00:00:00
NVIDIA graphics drivers vulnerabilities
2021-01-20 00:00:00
Linux kernel vulnerabilities
2021-01-11 00:00:00
threatpost
threatpost
NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs
2021-01-20 20:45:43
Nvidia Squashes High-Severity Jetson DoS Flaw
2021-01-26 22:11:54
archlinux
archlinux
[ASA-202101-19] nvidia-utils: multiple issues
2021-01-12 00:00:00
nessus
nessus
ubuntucve
ubuntucve
hp
hp
HPSBHF03710 rev. 6 - NVIDIA GPU Display Driver January 2021 Security Updates
2021-01-07 00:00:00
prion
prion
Input validation
2021-01-08 01:15:00
Information disclosure
2021-01-08 01:15:00
Information disclosure
2021-01-08 01:15:00
debiancve
debiancve
cvelist
cvelist
nvd
nvd
cve
cve
githubexploit
githubexploit
Exploit for Incorrect Default Permissions in Nvidia Gpu Driver
2021-01-08 11:29:48
nvidia
nvidia
Security Bulletin: NVIDIA GPU Display Driver - January 2021
2021-01-07 00:00:00
debian
debian
[SECURITY] [DLA 2888-1] nvidia-graphics-drivers security update
2022-01-18 20:42:16
lenovo
lenovo
gentoo
gentoo
NVIDIA Drivers: Multiple Vulnerabilities
2023-10-03 00:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.6%
Related for UBUNTU_USN-4689-2.NASL