LSN-0073-1: Kernel Live Patch Security Notice

23 October 2020

Several security issues were fixed in the kernel.

Releases

Software Description

  • aws - Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 5.4.0-1009)
  • azure - Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010)
  • gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
  • generic-4.15 - Linux kernel - (>= 4.15.0-69)
  • generic-5.4 - Linux kernel - (>= 5.4.0-26)
  • lowlatency-4.15 - Linux kernel - (>= 4.15.0-69)
  • lowlatency-5.4 - Linux kernel - (>= 5.4.0-26)
  • oem - Linux kernel for OEM systems - (>= 4.15.0-1063)

Details

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)

Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-24490)

Checking update status

The problem can be corrected in these Livepatch versions:

Kernel type 20.04 18.04
aws 73.1 73.1
azure 73.1
gcp 73.1
generic-4.15 73.1
generic-5.4 73.1
lowlatency-4.15 73.1
lowlatency-5.4 73.1
oem 73.1

To check your kernel type and Livepatch version, enter this command: