LSN-0073-1: Kernel Live Patch Security Notice
23 October 2020
Several security issues were fixed in the kernel.
Releases
Software Description
- aws - Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 5.4.0-1009)
- azure - Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010)
- gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
- generic-4.15 - Linux kernel - (>= 4.15.0-69)
- generic-5.4 - Linux kernel - (>= 5.4.0-26)
- lowlatency-4.15 - Linux kernel - (>= 4.15.0-69)
- lowlatency-5.4 - Linux kernel - (>= 5.4.0-26)
- oem - Linux kernel for OEM systems - (>= 4.15.0-1063)
Details
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-24490)
Checking update status
The problem can be corrected in these Livepatch versions:
| Kernel type | 20.04 | 18.04 |
|---|---|---|
| aws | 73.1 | 73.1 |
| azure | 73.1 | — |
| gcp | 73.1 | — |
| generic-4.15 | — | 73.1 |
| generic-5.4 | 73.1 | — |
| lowlatency-4.15 | — | 73.1 |
| lowlatency-5.4 | 73.1 | — |
| oem | — | 73.1 |
To check your kernel type and Livepatch version, enter this command:
canonical-livepatch status