USN-4983-1: Linux kernel (OEM) vulnerabilities
3 June 2021
Several security issues were fixed in the Linux kernel.
Releases
Packages
- linux-oem-5.10 - Linux kernel for OEM systems
Details
Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel
did not properly enforce limits for pointer operations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-33200)
Piotr Krysiuk and Benedict Schlueter discovered that the eBPF
implementation in the Linux kernel performed out of bounds speculation on
pointer arithmetic. A local attacker could use this to expose sensitive
information. (CVE-2021-29155)
Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel
did not properly prevent speculative loads in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2021-31829)
Reiji Watanabe discovered that the KVM VMX implementation in the Linux
kernel did not properly prevent user space from tampering with an array
index value, leading to a potential out-of-bounds write. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-3501)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
linux-image-5.10.0-1029-oem
-
5.10.0-1029.30
-
linux-image-oem-20.04
-
5.10.0.1029.30
-
linux-image-oem-20.04b
-
5.10.0.1029.30
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References
Related notices
- USN-4977-1: linux-image-generic-lpae-hwe-20.04-edge, linux-image-gke, linux-image-generic-lpae-hwe-20.04, linux-image-generic-64k-hwe-20.04-edge, linux-azure, linux-image-5.11.0-1008-kvm, linux-image-lowlatency-hwe-20.04, linux-image-raspi, linux-image-5.11.0-18-lowlatency, linux-image-5.11.0-1008-aws, linux-raspi, linux-aws, linux-image-generic, linux-image-5.11.0-1006-azure, linux-image-oem-20.04, linux-image-aws, linux-image-gcp, linux-gcp, linux, linux-image-5.11.0-1007-oracle, linux-image-5.11.0-18-generic, linux-oracle, linux-image-virtual-hwe-20.04-edge, linux-image-5.11.0-1009-raspi, linux-image-kvm, linux-image-azure, linux-image-generic-hwe-20.04, linux-image-generic-64k-hwe-20.04, linux-image-raspi-nolpae, linux-image-5.11.0-18-generic-lpae, linux-image-5.11.0-1008-gcp, linux-image-5.11.0-1009-raspi-nolpae, linux-image-generic-hwe-20.04-edge, linux-image-5.11.0-18-generic-64k, linux-image-generic-64k, linux-image-virtual-hwe-20.04, linux-image-lowlatency, linux-image-virtual, linux-image-oracle, linux-image-generic-lpae, linux-image-lowlatency-hwe-20.04-edge, linux-kvm
- USN-4999-1: linux-image-generic-lpae-hwe-20.04-edge, linux-image-gke, linux-image-generic-lpae-hwe-20.04, linux-image-generic-64k-hwe-20.04-edge, linux-azure, linux-image-generic-lpae, linux-image-lowlatency-hwe-20.04, linux-image-raspi, linux-image-5.8.0-1038-aws, linux-image-5.8.0-59-generic-lpae, linux-image-5.8.0-1036-azure, linux-raspi, linux-aws, linux-image-generic, linux-image-oem-20.04, linux-image-aws, linux-image-gcp, linux-gcp, linux, linux-oracle, linux-image-virtual-hwe-20.04-edge, linux-oracle-5.8, linux-gcp-5.8, linux-image-oracle-edge, linux-image-5.8.0-59-generic-64k, linux-azure-5.8, linux-image-azure-edge, linux-image-kvm, linux-image-azure, linux-image-5.8.0-1029-raspi-nolpae, linux-image-generic-hwe-20.04, linux-image-generic-64k-hwe-20.04, linux-image-5.8.0-59-lowlatency, linux-image-5.8.0-59-generic, linux-aws-5.8, linux-image-raspi-nolpae, linux-hwe-5.8, linux-image-generic-hwe-20.04-edge, linux-image-generic-64k, linux-image-virtual-hwe-20.04, linux-image-5.8.0-1035-gcp, linux-image-lowlatency, linux-image-virtual, linux-image-5.8.0-1029-raspi, linux-image-5.8.0-1030-kvm, linux-image-oracle, linux-image-gcp-edge, linux-image-5.8.0-1033-oracle, linux-image-lowlatency-hwe-20.04-edge, linux-kvm
- USN-4997-1: linux-image-generic-lpae-hwe-20.04-edge, linux-image-gke, linux-image-generic-lpae-hwe-20.04, linux-image-generic-64k-hwe-20.04-edge, linux-image-5.11.0-1009-azure, linux-azure, linux-image-5.11.0-22-generic-lpae, linux-image-lowlatency-hwe-20.04, linux-image-5.11.0-1012-raspi, linux-image-raspi, linux-image-5.11.0-22-generic, linux-raspi, linux-aws, linux-image-generic, linux-image-oem-20.04, linux-image-aws, linux-image-gcp, linux-gcp, linux, linux-oracle, linux-image-virtual-hwe-20.04-edge, linux-image-5.11.0-1010-oracle, linux-image-azure, linux-image-5.11.0-1011-gcp, linux-image-generic-hwe-20.04, linux-image-generic-64k-hwe-20.04, linux-image-raspi-nolpae, linux-image-generic-hwe-20.04-edge, linux-image-generic-64k, linux-image-virtual-hwe-20.04, linux-image-5.11.0-1012-raspi-nolpae, linux-image-lowlatency, linux-image-5.11.0-1011-aws, linux-image-virtual, linux-image-oracle, linux-image-generic-lpae, linux-image-5.11.0-22-lowlatency, linux-image-lowlatency-hwe-20.04-edge, linux-image-5.11.0-22-generic-64k
- USN-5000-1: linux-image-generic-hwe-18.04-edge, linux-image-5.4.0-1046-gcp, linux-image-5.4.0-77-lowlatency, linux-oracle-5.4, linux-image-gke, linux-image-raspi-hwe-18.04-edge, linux-azure, linux-azure-5.4, linux-image-snapdragon-hwe-18.04-edge, linux-image-generic-lpae, linux-gkeop-5.4, linux-gke-5.4, linux-image-raspi, linux-image-5.4.0-1048-oracle, linux-image-aws-edge, linux-image-snapdragon-hwe-18.04, linux-image-lowlatency-hwe-18.04-edge, linux-image-generic-hwe-18.04, linux-image-oem-osp1, linux-image-aws-lts-20.04, linux-image-5.4.0-77-generic, linux-image-5.4.0-77-generic-lpae, linux-image-oracle-lts-20.04, linux-image-lowlatency-hwe-18.04, linux-image-raspi2, linux-gkeop, linux-raspi, linux-aws, linux-image-generic, linux-image-raspi2-hwe-18.04-edge, linux-image-virtual-hwe-18.04-edge, linux-image-gke-5.4, linux-image-oem, linux-image-aws, linux-image-5.4.0-1018-gkeop, linux-image-gcp, linux-gcp, linux-image-virtual-hwe-18.04, linux, linux-oracle, linux-image-azure-lts-20.04, linux-image-gcp-lts-20.04, linux-image-oracle-edge, linux-image-gkeop, linux-image-5.4.0-1046-gke, linux-image-azure-edge, linux-gcp-5.4, linux-image-azure, linux-aws-5.4, linux-image-gkeop-5.4, linux-image-raspi-hwe-18.04, linux-image-raspi2-hwe-18.04, linux-image-5.4.0-1038-raspi, linux-hwe-5.4, linux-image-5.4.0-1051-azure, linux-image-generic-lpae-hwe-18.04-edge, linux-image-generic-lpae-hwe-18.04, linux-image-lowlatency, linux-image-virtual, linux-gke, linux-image-oracle, linux-image-5.4.0-1051-aws, linux-image-gcp-edge, linux-raspi-5.4
- USN-5000-2: linux-headers-kvm, linux-modules-5.4.0-1041-kvm, linux-tools-kvm, linux-image-unsigned-5.4.0-1041-kvm, linux-kvm-tools-5.4.0-1041, linux-tools-5.4.0-1041-kvm, linux-buildinfo-5.4.0-1041-kvm, linux-headers-5.4.0-1041-kvm, linux-image-kvm, linux-kvm-headers-5.4.0-1041, linux-image-5.4.0-1041-kvm, linux-kvm
- USN-4997-2: linux-kvm-tools-5.11.0-1009, linux-headers-kvm, linux-modules-5.11.0-1009-kvm, linux-tools-kvm, linux-buildinfo-5.11.0-1009-kvm, linux-tools-5.11.0-1009-kvm, linux-headers-5.11.0-1009-kvm, linux-kvm-headers-5.11.0-1009, linux-image-kvm, linux-image-unsigned-5.11.0-1009-kvm, linux-image-5.11.0-1009-kvm, linux-kvm
- USN-5018-1: linux-headers-4.15.0-151-generic-lpae, linux-tools-4.15.0-151, linux-azure-4.15-headers-4.15.0-1121, linux-image-gke, linux-image-4.15.0-1092-raspi2, linux-image-4.15.0-1109-aws, linux-image-generic, linux-headers-oracle-lts-18.04, linux-signed-image-oracle-lts-18.04, linux-signed-image-azure-edge, linux-cloud-tools-lowlatency, pcmcia-modules-4.15.0-151-generic-di, linux-image-generic-lpae-hwe-16.04-edge, linux-tools-snapdragon, linux-image-generic-hwe-16.04, linux-headers-azure-edge, linux-gcp-headers-4.15.0-1106, linux-headers-4.15.0-151-generic, linux-headers-4.15.0-1078-oracle, block-modules-4.15.0-151-generic-lpae-di, linux-cloud-tools-4.15.0-1109-aws, linux-azure-headers-4.15.0-1121, linux-signed-image-lowlatency-hwe-16.04, linux-tools-oem, linux-tools-gcp, linux-image-virtual-hwe-16.04-edge, input-modules-4.15.0-151-generic-di, multipath-modules-4.15.0-151-generic-di, parport-modules-4.15.0-151-generic-di, linux-tools-4.15.0-1109-snapdragon, linux-snapdragon-headers-4.15.0-1109, usb-modules-4.15.0-151-generic-di, linux-headers-virtual, linux-headers-4.15.0-1109-snapdragon, linux-azure-4.15-tools-4.15.0-1121, pata-modules-4.15.0-151-generic-di, linux-cloud-tools-virtual-hwe-16.04, linux-source-4.15.0, linux-tools-azure-lts-18.04, linux-headers-virtual-hwe-16.04-edge, vlan-modules-4.15.0-151-generic-di, linux-buildinfo-4.15.0-1097-kvm, linux-cloud-tools-azure, ipmi-modules-4.15.0-151-generic-di, linux-signed-azure-edge, fb-modules-4.15.0-151-generic-di, linux-generic-hwe-16.04-edge, linux-tools-generic-hwe-16.04-edge, dasd-modules-4.15.0-151-generic-di, linux-lowlatency, linux-udebs-generic, linux-tools-4.15.0-1078-oracle, linux-hwe-cloud-tools-4.15.0-151, linux-headers-azure-lts-18.04, linux-tools-4.15.0-1092-raspi2, linux-generic, linux-tools-generic-lpae-hwe-16.04-edge, linux-aws-tools-4.15.0-1109, linux-image-generic-hwe-16.04-edge, linux-image-unsigned-4.15.0-151-generic, linux-cloud-tools-generic-hwe-16.04-edge, linux-signed-image-azure, linux-modules-4.15.0-1121-azure, linux-hwe-tools-4.15.0-151, linux-tools-gcp-lts-18.04, linux-signed-azure-lts-18.04, linux-signed-generic-hwe-16.04, linux-image-kvm, linux-image-oracle-lts-18.04, linux-tools-azure, linux-tools-azure-edge, linux-image-lowlatency-hwe-16.04, linux-tools-generic, linux-image-unsigned-4.15.0-1106-gcp, linux-gcp-4.15-tools-4.15.0-1106, linux-tools-oracle, message-modules-4.15.0-151-generic-di, storage-core-modules-4.15.0-151-generic-di, linux-image-snapdragon, linux-kvm-tools-4.15.0-1097, linux-cloud-tools-virtual, vlan-modules-4.15.0-151-generic-lpae-di, linux-cloud-tools-common, linux, linux-headers-kvm, dasd-extra-modules-4.15.0-151-generic-di, linux-cloud-tools-virtual-hwe-16.04-edge, linux-azure-4.15, linux-headers-gke, linux-image-virtual, linux-azure-4.15-cloud-tools-4.15.0-1121, linux-image-lowlatency-hwe-16.04-edge, irda-modules-4.15.0-151-generic-di, linux-oracle-headers-4.15.0-1078, pcmcia-storage-modules-4.15.0-151-generic-di, fat-modules-4.15.0-151-generic-di, linux-buildinfo-4.15.0-151-generic, linux-signed-lowlatency, storage-core-modules-4.15.0-151-generic-lpae-di, linux-gcp-4.15, linux-image-4.15.0-1109-snapdragon, linux-buildinfo-4.15.0-1109-aws, floppy-modules-4.15.0-151-generic-di, linux-modules-4.15.0-151-generic, linux-headers-4.15.0-1092-raspi2, linux-tools-aws-hwe, linux-headers-4.15.0-1106-gcp, linux-image-oracle, linux-aws-hwe-cloud-tools-4.15.0-1109, linux-modules-extra-gcp-lts-18.04, linux-modules-4.15.0-1097-kvm, linux-raspi2-tools-4.15.0-1092, linux-image-4.15.0-151-lowlatency, linux-lowlatency-hwe-16.04-edge, mouse-modules-4.15.0-151-generic-di, linux-tools-lowlatency-hwe-16.04-edge, nfs-modules-4.15.0-151-generic-lpae-di, linux-cloud-tools-lowlatency-hwe-16.04, linux-generic-lpae, scsi-modules-4.15.0-151-generic-di, linux-image-azure-lts-18.04, sata-modules-4.15.0-151-generic-di, linux-headers-oracle, linux-aws-headers-4.15.0-1109, linux-image-extra-virtual-hwe-16.04-edge, linux-modules-extra-4.15.0-1078-oracle, linux-kvm, linux-modules-extra-aws-lts-18.04, linux-generic-hwe-16.04, linux-headers-generic, linux-azure, linux-tools-host, linux-tools-virtual-hwe-16.04-edge, linux-headers-lowlatency, linux-signed-generic, linux-tools-kvm, linux-virtual-hwe-16.04-edge, linux-image-generic-lpae-hwe-16.04, linux-image-extra-virtual-hwe-16.04, nfs-modules-4.15.0-151-generic-di, linux-signed-oracle, kernel-signed-image-4.15.0-151-generic-di, linux-headers-snapdragon, linux-gcp, plip-modules-4.15.0-151-generic-lpae-di, linux-oem, linux-signed-lowlatency-hwe-16.04, nic-usb-modules-4.15.0-151-generic-di, linux-source, linux-udebs-generic-lpae, kernel-image-4.15.0-151-generic-di, linux-tools-oracle-lts-18.04, linux-virtual, mouse-modules-4.15.0-151-generic-lpae-di, linux-headers-generic-hwe-16.04, linux-tools-generic-lpae, linux-cloud-tools-4.15.0-1121-azure, linux-libc-dev, linux-signed-lowlatency-hwe-16.04-edge, linux-aws, linux-lowlatency-hwe-16.04, linux-modules-4.15.0-151-generic-lpae, linux-signed-image-lowlatency, linux-modules-4.15.0-1109-aws, crypto-modules-4.15.0-151-generic-lpae-di, linux-image-extra-virtual, linux-modules-4.15.0-1106-gcp, linux-tools-4.15.0-1097-kvm, linux-tools-4.15.0-151-lowlatency, linux-image-virtual-hwe-16.04, ppp-modules-4.15.0-151-generic-lpae-di, linux-generic-lpae-hwe-16.04, linux-image-aws-hwe, linux-headers-gcp, linux-azure-cloud-tools-4.15.0-1121, linux-crashdump, linux-snapdragon-tools-4.15.0-1109, linux-tools-gke, linux-gcp-lts-18.04, linux-modules-extra-4.15.0-1121-azure, linux-image-unsigned-4.15.0-1121-azure, linux-buildinfo-4.15.0-1092-raspi2, linux-headers-4.15.0-1097-kvm, linux-headers-generic-lpae-hwe-16.04, linux-headers-4.15.0-1109-aws, linux-modules-4.15.0-1109-snapdragon, linux-headers-azure, linux-buildinfo-4.15.0-151-lowlatency, linux-generic-lpae-hwe-16.04-edge, linux-headers-lowlatency-hwe-16.04-edge, linux-modules-4.15.0-151-lowlatency, ppp-modules-4.15.0-151-generic-di, linux-headers-generic-lpae-hwe-16.04-edge, linux-cloud-tools-4.15.0-151-lowlatency, nic-modules-4.15.0-151-generic-lpae-di, nic-shared-modules-4.15.0-151-generic-lpae-di, input-modules-4.15.0-151-generic-lpae-di, usb-modules-4.15.0-151-generic-lpae-di, plip-modules-4.15.0-151-generic-di, irda-modules-4.15.0-151-generic-lpae-di, fat-modules-4.15.0-151-generic-lpae-di, linux-image-gcp, linux-cloud-tools-4.15.0-151-generic, linux-oracle-lts-18.04, linux-image-azure, linux-azure-tools-4.15.0-1121, linux-virtual-hwe-16.04, linux-headers-gcp-lts-18.04, linux-tools-4.15.0-1106-gcp, linux-headers-4.15.0-151-lowlatency, linux-image-4.15.0-1097-kvm, linux-headers-4.15.0-1121-azure, linux-signed-oem, linux-signed-oracle-lts-18.04, linux-tools-lowlatency-hwe-16.04, linux-cloud-tools-4.15.0-151, linux-cloud-tools-generic-hwe-16.04, linux-tools-virtual-hwe-16.04, md-modules-4.15.0-151-generic-lpae-di, nic-pcmcia-modules-4.15.0-151-generic-di, fs-secondary-modules-4.15.0-151-generic-di, linux-headers-aws-hwe, linux-aws-hwe-tools-4.15.0-1109, linux-aws-cloud-tools-4.15.0-1109, linux-buildinfo-4.15.0-1106-gcp, linux-headers-virtual-hwe-16.04, linux-signed-image-generic, linux-modules-extra-4.15.0-1106-gcp, linux-cloud-tools-azure-edge, linux-tools-virtual, linux-headers-aws-lts-18.04, linux-image-4.15.0-1106-gcp, linux-signed-image-azure-lts-18.04, linux-gcp-4.15-headers-4.15.0-1106, linux-raspi2-headers-4.15.0-1092, linux-buildinfo-4.15.0-1109-snapdragon, firewire-core-modules-4.15.0-151-generic-di, linux-aws-hwe, crypto-modules-4.15.0-151-generic-di, scsi-modules-4.15.0-151-generic-lpae-di, sata-modules-4.15.0-151-generic-lpae-di, linux-aws-lts-18.04, linux-image-unsigned-4.15.0-1078-oracle, linux-image-raspi2, linux-tools-generic-hwe-16.04, linux-signed-generic-hwe-16.04-edge, linux-signed-image-oem, linux-image-oem, linux-modules-extra-aws-hwe, linux-image-unsigned-4.15.0-151-lowlatency, md-modules-4.15.0-151-generic-di, linux-tools-lowlatency, linux-modules-4.15.0-1078-oracle, linux-image-4.15.0-1078-oracle, linux-hwe-udebs-generic, linux-signed-image-lowlatency-hwe-16.04-edge, linux-tools-4.15.0-151-generic, linux-kvm-headers-4.15.0-1097, linux-image-generic-lpae, linux-signed-image-oracle, nic-modules-4.15.0-151-generic-di, linux-modules-extra-azure, parport-modules-4.15.0-151-generic-lpae-di, linux-azure-edge, block-modules-4.15.0-151-generic-di, linux-tools-raspi2, linux-headers-generic-hwe-16.04-edge, linux-cloud-tools-lowlatency-hwe-16.04-edge, linux-modules-extra-azure-lts-18.04, linux-hwe, linux-cloud-tools-azure-lts-18.04, linux-image-azure-edge, linux-tools-4.15.0-151-generic-lpae, linux-signed-image-generic-hwe-16.04-edge, linux-headers-raspi2, linux-aws-edge, linux-tools-4.15.0-1121-azure, multipath-modules-4.15.0-151-generic-lpae-di, linux-modules-extra-4.15.0-1109-aws, linux-azure-lts-18.04, fs-secondary-modules-4.15.0-151-generic-lpae-di, kernel-image-4.15.0-151-generic-lpae-di, linux-signed-azure, linux-snapdragon, linux-doc, linux-modules-extra-4.15.0-151-generic, linux-modules-4.15.0-1092-raspi2, linux-tools-4.15.0-1109-aws, nic-shared-modules-4.15.0-151-generic-di, linux-modules-extra-gcp, linux-headers-lowlatency-hwe-16.04, linux-tools-aws-lts-18.04, serial-modules-4.15.0-151-generic-di, linux-tools-common, linux-tools-generic-lpae-hwe-16.04, linux-image-4.15.0-151-generic-lpae, linux-image-lowlatency, linux-headers-4.15.0-151, linux-gke, linux-oracle-tools-4.15.0-1078, linux-buildinfo-4.15.0-1121-azure, linux-modules-extra-azure-edge, linux-headers-oem, linux-cloud-tools-generic, linux-image-gcp-lts-18.04, linux-modules-extra-gke, virtio-modules-4.15.0-151-generic-di, linux-oracle, linux-image-4.15.0-151-generic, linux-raspi2, nic-usb-modules-4.15.0-151-generic-lpae-di, fs-core-modules-4.15.0-151-generic-lpae-di, linux-buildinfo-4.15.0-1078-oracle, linux-gcp-tools-4.15.0-1106, linux-image-4.15.0-1121-azure, fs-core-modules-4.15.0-151-generic-di, linux-image-aws-lts-18.04, linux-headers-generic-lpae, linux-buildinfo-4.15.0-151-generic-lpae, linux-signed-image-generic-hwe-16.04, ipmi-modules-4.15.0-151-generic-lpae-di