USN-4983-1: Linux kernel (OEM) vulnerabilities

03 June 2021

Several security issues were fixed in the Linux kernel.

Releases

Packages

Details

Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel
did not properly enforce limits for pointer operations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-33200)

Piotr Krysiuk and Benedict Schlueter discovered that the eBPF
implementation in the Linux kernel performed out of bounds speculation on
pointer arithmetic. A local attacker could use this to expose sensitive
information. (CVE-2021-29155)

Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel
did not properly prevent speculative loads in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2021-31829)

Reiji Watanabe discovered that the KVM VMX implementation in the Linux
kernel did not properly prevent user space from tampering with an array
index value, leading to a potential out-of-bounds write. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-3501)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

Related notices

  • USN-4999-1: linux-image-virtual-hwe-20.04-edge, linux-azure-5.8, linux-image-azure-edge, linux-image-aws, linux-image-generic-lpae-hwe-20.04, linux-oracle-5.8, linux-image-generic-hwe-20.04, linux-image-oracle-edge, linux-image-raspi-nolpae, linux-image-5.8.0-1029-raspi, linux-raspi, linux-image-lowlatency, linux-image-gke, linux-image-oracle, linux-image-generic-hwe-20.04-edge, linux-image-azure, linux-image-5.8.0-1030-kvm, linux-image-generic-lpae-hwe-20.04-edge, linux-image-generic-64k, linux-image-oem-20.04, linux-image-raspi, linux-image-5.8.0-1036-azure, linux-gcp-5.8, linux-aws-5.8, linux-hwe-5.8, linux-image-virtual-hwe-20.04, linux-oracle, linux-image-5.8.0-1029-raspi-nolpae, linux, linux-image-generic, linux-image-generic-lpae, linux-image-5.8.0-59-generic-64k, linux-aws, linux-image-kvm, linux-kvm, linux-azure, linux-image-5.8.0-1033-oracle, linux-image-gcp, linux-image-gcp-edge, linux-image-generic-64k-hwe-20.04, linux-image-lowlatency-hwe-20.04, linux-image-lowlatency-hwe-20.04-edge, linux-gcp, linux-image-5.8.0-1038-aws, linux-image-5.8.0-59-generic, linux-image-5.8.0-59-lowlatency, linux-image-virtual, linux-image-generic-64k-hwe-20.04-edge, linux-image-5.8.0-59-generic-lpae, linux-image-5.8.0-1035-gcp
  • USN-5000-1: linux-aws-5.4, linux-image-raspi2-hwe-18.04, linux-image-azure-edge, linux-image-aws, linux-image-5.4.0-1051-aws, linux-image-5.4.0-1038-raspi, linux-image-raspi2, linux-image-5.4.0-1051-azure, linux-image-oracle-edge, linux-image-raspi2-hwe-18.04-edge, linux-image-lowlatency-hwe-18.04, linux-image-gke-5.4, linux-image-virtual-hwe-18.04-edge, linux-raspi, linux-image-lowlatency, linux-image-5.4.0-77-generic, linux-image-gke, linux-image-oracle, linux-gke, linux-gkeop, linux-image-oem, linux-image-virtual-hwe-18.04, linux-image-5.4.0-77-lowlatency, linux-raspi-5.4, linux-image-azure, linux-image-oem-osp1, linux-image-gkeop, linux-image-raspi, linux-oracle-5.4, linux-image-aws-lts-20.04, linux-image-5.4.0-77-generic-lpae, linux-image-oracle-lts-20.04, linux-image-5.4.0-1046-gcp, linux-image-generic-lpae-hwe-18.04, linux-oracle, linux-image-generic, linux-image-generic-lpae, linux-image-snapdragon-hwe-18.04-edge, linux-image-generic-hwe-18.04, linux-aws, linux-image-raspi-hwe-18.04, linux-image-generic-lpae-hwe-18.04-edge, linux-image-5.4.0-1048-oracle, linux-azure-5.4, linux-azure, linux-gkeop-5.4, linux-image-5.4.0-1018-gkeop, linux-image-aws-edge, linux-image-gcp-lts-20.04, linux-image-azure-lts-20.04, linux-image-gkeop-5.4, linux-gcp-5.4, linux-image-raspi-hwe-18.04-edge, linux-image-gcp, linux-image-gcp-edge, linux-image-snapdragon-hwe-18.04, linux-gke-5.4, linux-hwe-5.4, linux-image-generic-hwe-18.04-edge, linux-gcp, linux-image-virtual, linux-image-5.4.0-1046-gke, linux-image-lowlatency-hwe-18.04-edge, linux
  • USN-4977-1: linux-image-virtual-hwe-20.04-edge, linux-image-aws, linux-image-generic-lpae-hwe-20.04, linux-image-5.11.0-1009-raspi-nolpae, linux-image-generic-hwe-20.04, linux-image-5.11.0-1008-aws, linux-image-raspi-nolpae, linux-image-5.11.0-18-generic-64k, linux-raspi, linux-image-lowlatency, linux-image-gke, linux-image-oracle, linux-image-generic-hwe-20.04-edge, linux-image-5.11.0-1006-azure, linux-image-5.11.0-18-generic, linux-image-azure, linux-image-oem-20.04, linux-image-generic-lpae-hwe-20.04-edge, linux-image-generic-64k, linux-image-raspi, linux-image-5.11.0-18-lowlatency, linux-image-5.11.0-1008-kvm, linux-image-5.11.0-1009-raspi, linux-image-virtual-hwe-20.04, linux-oracle, linux-image-generic, linux-image-generic-lpae, linux-aws, linux-image-kvm, linux-azure, linux-image-gcp, linux-image-5.11.0-1008-gcp, linux-image-generic-64k-hwe-20.04, linux-image-5.11.0-1007-oracle, linux-image-lowlatency-hwe-20.04, linux-image-lowlatency-hwe-20.04-edge, linux-gcp, linux-image-virtual, linux-kvm, linux-image-generic-64k-hwe-20.04-edge, linux, linux-image-5.11.0-18-generic-lpae
  • USN-5000-2: linux-modules-5.4.0-1041-kvm, linux-kvm-headers-5.4.0-1041, linux-tools-kvm, linux-buildinfo-5.4.0-1041-kvm, linux-tools-5.4.0-1041-kvm, linux-kvm-tools-5.4.0-1041, linux-headers-5.4.0-1041-kvm, linux-image-kvm, linux-image-unsigned-5.4.0-1041-kvm, linux-image-5.4.0-1041-kvm, linux-kvm, linux-headers-kvm
  • USN-4997-2: linux-tools-kvm, linux-image-unsigned-5.11.0-1009-kvm, linux-image-5.11.0-1009-kvm, linux-kvm-headers-5.11.0-1009, linux-modules-5.11.0-1009-kvm, linux-tools-5.11.0-1009-kvm, linux-image-kvm, linux-headers-5.11.0-1009-kvm, linux-kvm-tools-5.11.0-1009, linux-buildinfo-5.11.0-1009-kvm, linux-kvm, linux-headers-kvm
  • USN-4997-1: linux-image-5.11.0-1010-oracle, linux-image-5.11.0-1011-aws, linux-image-virtual-hwe-20.04-edge, linux-image-aws, linux-image-generic-lpae-hwe-20.04, linux-image-generic-hwe-20.04, linux-image-raspi-nolpae, linux-image-5.11.0-22-generic-lpae, linux-image-5.11.0-1012-raspi, linux-raspi, linux-image-lowlatency, linux-image-gke, linux-image-oracle, linux-image-5.11.0-1011-gcp, linux-image-generic-hwe-20.04-edge, linux-image-azure, linux-image-oem-20.04, linux-image-generic-lpae-hwe-20.04-edge, linux-image-generic-64k, linux-image-raspi, linux-image-virtual-hwe-20.04, linux-oracle, linux-image-generic, linux-image-generic-lpae, linux-aws, linux-image-5.11.0-22-generic, linux-image-5.11.0-1012-raspi-nolpae, linux-azure, linux-image-gcp, linux-image-generic-64k-hwe-20.04, linux-image-5.11.0-22-generic-64k, linux-image-5.11.0-1009-azure, linux-image-lowlatency-hwe-20.04, linux-gcp, linux-image-lowlatency-hwe-20.04-edge, linux-image-5.11.0-22-lowlatency, linux-image-virtual, linux-image-generic-64k-hwe-20.04-edge, linux
  • USN-5018-1: block-modules-4.15.0-151-generic-lpae-di, linux-snapdragon-tools-4.15.0-1109, irda-modules-4.15.0-151-generic-di, linux-cloud-tools-4.15.0-1121-azure, linux-libc-dev, linux-tools-4.15.0-1092-raspi2, linux-headers-lowlatency-hwe-16.04-edge, linux-udebs-generic, linux-cloud-tools-virtual-hwe-16.04, linux-modules-4.15.0-151-generic, linux-image-kvm, linux-aws-edge, linux-gcp-4.15-tools-4.15.0-1106, linux-modules-extra-4.15.0-1121-azure, linux-headers-generic-lpae, linux-azure-tools-4.15.0-1121, nic-usb-modules-4.15.0-151-generic-di, linux-image-extra-virtual-hwe-16.04, linux-tools-azure-lts-18.04, linux-headers-4.15.0-1106-gcp, linux-headers-4.15.0-151-generic-lpae, linux-headers-virtual, linux-headers-4.15.0-151-lowlatency, linux-modules-extra-aws-lts-18.04, pata-modules-4.15.0-151-generic-di, linux-headers-virtual-hwe-16.04, linux-tools-lowlatency-hwe-16.04-edge, linux-hwe, linux-headers-gcp-lts-18.04, linux-tools-virtual, linux-tools-virtual-hwe-16.04-edge, linux-tools-4.15.0-1106-gcp, linux-image-unsigned-4.15.0-1078-oracle, linux-image-aws-lts-18.04, linux-modules-extra-azure-lts-18.04, linux-signed-image-oracle, linux-cloud-tools-4.15.0-151, linux-modules-extra-4.15.0-1078-oracle, linux-kvm, linux-modules-extra-azure, linux-headers-4.15.0-1121-azure, linux-signed-image-generic-hwe-16.04-edge, kernel-image-4.15.0-151-generic-lpae-di, plip-modules-4.15.0-151-generic-lpae-di, nic-shared-modules-4.15.0-151-generic-di, linux-tools-azure, linux-signed-generic-hwe-16.04, linux-buildinfo-4.15.0-1109-aws, linux-modules-4.15.0-151-generic-lpae, linux-tools-gcp, linux-aws-cloud-tools-4.15.0-1109, linux-headers-oracle-lts-18.04, crypto-modules-4.15.0-151-generic-di, linux-tools-generic-lpae-hwe-16.04-edge, nic-modules-4.15.0-151-generic-lpae-di, linux-headers-generic-lpae-hwe-16.04, linux-aws-lts-18.04, linux-image-unsigned-4.15.0-151-lowlatency, linux-hwe-cloud-tools-4.15.0-151, linux-image-unsigned-4.15.0-151-generic, linux-gcp-4.15-headers-4.15.0-1106, linux-generic-lpae-hwe-16.04-edge, linux-headers-azure-lts-18.04, linux-modules-4.15.0-1078-oracle, linux-snapdragon-headers-4.15.0-1109, linux-cloud-tools-virtual-hwe-16.04-edge, linux-headers-4.15.0-1109-snapdragon, linux-image-aws-hwe, linux-image-unsigned-4.15.0-1121-azure, linux-udebs-generic-lpae, linux-cloud-tools-azure-edge, linux-modules-4.15.0-1097-kvm, linux-cloud-tools-lowlatency-hwe-16.04, linux-headers-snapdragon, firewire-core-modules-4.15.0-151-generic-di, linux-source, linux-tools-generic-lpae-hwe-16.04, linux-buildinfo-4.15.0-151-lowlatency, md-modules-4.15.0-151-generic-lpae-di, linux-hwe-udebs-generic, linux-image-4.15.0-151-generic-lpae, parport-modules-4.15.0-151-generic-di, linux-tools-4.15.0-151-lowlatency, linux-tools-aws-lts-18.04, linux-doc, linux-headers-generic-hwe-16.04-edge, input-modules-4.15.0-151-generic-di, linux-tools-virtual-hwe-16.04, linux-raspi2, md-modules-4.15.0-151-generic-di, linux-signed-azure-lts-18.04, linux-snapdragon, linux-image-lowlatency, linux-headers-virtual-hwe-16.04-edge, linux-tools-4.15.0-1121-azure, linux-tools-azure-edge, linux-tools-4.15.0-1078-oracle, linux-image-4.15.0-151-lowlatency, linux-tools-oem, storage-core-modules-4.15.0-151-generic-lpae-di, dasd-modules-4.15.0-151-generic-di, linux-oem, message-modules-4.15.0-151-generic-di, linux-tools-lowlatency, linux-cloud-tools-common, block-modules-4.15.0-151-generic-di, nic-shared-modules-4.15.0-151-generic-lpae-di, linux-headers-4.15.0-1109-aws, linux-modules-extra-4.15.0-151-generic, linux-signed-image-azure, linux-image-generic-lpae-hwe-16.04-edge, linux-image-4.15.0-1078-oracle, linux-modules-4.15.0-1121-azure, linux-generic-hwe-16.04-edge, serial-modules-4.15.0-151-generic-di, linux-tools-generic-lpae, linux-crashdump, linux-signed-azure, pcmcia-storage-modules-4.15.0-151-generic-di, linux-signed-image-oracle-lts-18.04, linux-tools-aws-hwe, fs-secondary-modules-4.15.0-151-generic-lpae-di, linux-tools-generic, storage-core-modules-4.15.0-151-generic-di, input-modules-4.15.0-151-generic-lpae-di, linux-oracle, linux-headers-aws-hwe, fat-modules-4.15.0-151-generic-lpae-di, linux-image-gke, linux-tools-host, fat-modules-4.15.0-151-generic-di, linux-signed-image-azure-edge, linux-tools-4.15.0-1109-aws, linux-buildinfo-4.15.0-151-generic, linux-gcp-tools-4.15.0-1106, linux-gcp-headers-4.15.0-1106, nic-pcmcia-modules-4.15.0-151-generic-di, linux-headers-generic-lpae-hwe-16.04-edge, linux-cloud-tools-4.15.0-1109-aws, linux-generic-hwe-16.04, floppy-modules-4.15.0-151-generic-di, linux-image-generic, linux-image-4.15.0-1109-snapdragon, mouse-modules-4.15.0-151-generic-di, linux-signed-oem, linux-image-lowlatency-hwe-16.04-edge, linux-tools-generic-hwe-16.04, linux-tools-raspi2, linux-buildinfo-4.15.0-1121-azure, linux, linux-cloud-tools-4.15.0-151-generic, linux-hwe-tools-4.15.0-151, linux-image-gcp-lts-18.04, linux-image-raspi2, linux-cloud-tools-azure-lts-18.04, linux-image-generic-lpae-hwe-16.04, crypto-modules-4.15.0-151-generic-lpae-di, linux-signed-generic, linux-modules-extra-gcp-lts-18.04, plip-modules-4.15.0-151-generic-di, linux-modules-4.15.0-1106-gcp, linux-signed-lowlatency, linux-kvm-tools-4.15.0-1097, linux-azure-cloud-tools-4.15.0-1121, linux-buildinfo-4.15.0-1106-gcp, linux-aws-hwe-cloud-tools-4.15.0-1109, linux-signed-image-lowlatency-hwe-16.04, linux-cloud-tools-generic-hwe-16.04, scsi-modules-4.15.0-151-generic-di, linux-headers-4.15.0-151-generic, linux-image-extra-virtual, linux-kvm-headers-4.15.0-1097, linux-tools-oracle-lts-18.04, mouse-modules-4.15.0-151-generic-lpae-di, pcmcia-modules-4.15.0-151-generic-di, linux-azure-headers-4.15.0-1121, linux-image-unsigned-4.15.0-1106-gcp, linux-virtual-hwe-16.04-edge, ipmi-modules-4.15.0-151-generic-di, linux-gcp-lts-18.04, linux-image-azure-edge, linux-signed-image-lowlatency, linux-modules-extra-azure-edge, linux-headers-oem, linux-cloud-tools-generic, linux-image-snapdragon, vlan-modules-4.15.0-151-generic-di, sata-modules-4.15.0-151-generic-di, linux-image-4.15.0-1106-gcp, linux-signed-azure-edge, linux-modules-4.15.0-1109-aws, kernel-image-4.15.0-151-generic-di, linux-image-extra-virtual-hwe-16.04-edge, linux-modules-4.15.0-1092-raspi2, linux-modules-extra-4.15.0-1106-gcp, linux-buildinfo-4.15.0-151-generic-lpae, nfs-modules-4.15.0-151-generic-lpae-di, linux-image-oracle, linux-gke, linux-azure-4.15-cloud-tools-4.15.0-1121, linux-gcp-4.15, nic-modules-4.15.0-151-generic-di, linux-buildinfo-4.15.0-1078-oracle, linux-raspi2-headers-4.15.0-1092, linux-image-azure-lts-18.04, linux-modules-4.15.0-1109-snapdragon, linux-image-generic-lpae, linux-azure-4.15-headers-4.15.0-1121, fs-secondary-modules-4.15.0-151-generic-di, linux-lowlatency, linux-aws, linux-azure-lts-18.04, linux-cloud-tools-generic-hwe-16.04-edge, linux-signed-image-oem, linux-tools-4.15.0-151-generic-lpae, linux-virtual-hwe-16.04, linux-image-virtual, fb-modules-4.15.0-151-generic-di, linux-signed-lowlatency-hwe-16.04-edge, linux-cloud-tools-lowlatency-hwe-16.04-edge, linux-image-oracle-lts-18.04, linux-image-virtual-hwe-16.04, linux-tools-kvm, linux-image-virtual-hwe-16.04-edge, linux-headers-azure, scsi-modules-4.15.0-151-generic-lpae-di, linux-source-4.15.0, linux-modules-extra-gke, linux-cloud-tools-azure, linux-headers-4.15.0-151, linux-modules-extra-aws-hwe, linux-headers-azure-edge, fs-core-modules-4.15.0-151-generic-lpae-di, fs-core-modules-4.15.0-151-generic-di, linux-image-gcp, linux-headers-gke, linux-signed-lowlatency-hwe-16.04, linux-lowlatency-hwe-16.04-edge, linux-image-4.15.0-151-generic, linux-tools-common, multipath-modules-4.15.0-151-generic-di, linux-tools-lowlatency-hwe-16.04, linux-tools-generic-hwe-16.04-edge, linux-oracle-lts-18.04, linux-modules-extra-gcp, multipath-modules-4.15.0-151-generic-lpae-di, usb-modules-4.15.0-151-generic-lpae-di, linux-signed-oracle-lts-18.04, linux-headers-4.15.0-1092-raspi2, virtio-modules-4.15.0-151-generic-di, linux-tools-snapdragon, linux-cloud-tools-lowlatency, ipmi-modules-4.15.0-151-generic-lpae-di, usb-modules-4.15.0-151-generic-di, linux-gcp, nfs-modules-4.15.0-151-generic-di, linux-signed-image-azure-lts-18.04, linux-oracle-tools-4.15.0-1078, linux-image-4.15.0-1097-kvm, linux-buildinfo-4.15.0-1092-raspi2, linux-azure-edge, linux-signed-oracle, linux-headers-raspi2, linux-aws-headers-4.15.0-1109, linux-tools-oracle, linux-virtual, linux-headers-aws-lts-18.04, linux-generic-lpae-hwe-16.04, linux-lowlatency-hwe-16.04, linux-modules-4.15.0-151-lowlatency, linux-headers-oracle, linux-tools-4.15.0-1109-snapdragon, linux-azure, linux-buildinfo-4.15.0-1097-kvm, linux-tools-gcp-lts-18.04, linux-signed-image-generic-hwe-16.04, linux-headers-4.15.0-1097-kvm, linux-cloud-tools-4.15.0-151-lowlatency, linux-headers-4.15.0-1078-oracle, linux-signed-image-generic, linux-image-azure, linux-raspi2-tools-4.15.0-1092, linux-headers-gcp, linux-headers-lowlatency, linux-image-generic-hwe-16.04, linux-aws-hwe-tools-4.15.0-1109, dasd-extra-modules-4.15.0-151-generic-di, linux-image-4.15.0-1109-aws, linux-oracle-headers-4.15.0-1078, sata-modules-4.15.0-151-generic-lpae-di, ppp-modules-4.15.0-151-generic-di, linux-image-4.15.0-1092-raspi2, linux-generic, linux-azure-4.15, linux-signed-image-lowlatency-hwe-16.04-edge, linux-tools-4.15.0-151-generic, ppp-modules-4.15.0-151-generic-lpae-di, nic-usb-modules-4.15.0-151-generic-lpae-di, linux-image-lowlatency-hwe-16.04, linux-image-generic-hwe-16.04-edge, linux-aws-hwe, linux-azure-4.15-tools-4.15.0-1121, linux-generic-lpae, linux-headers-lowlatency-hwe-16.04, linux-signed-generic-hwe-16.04-edge, linux-image-oem, linux-buildinfo-4.15.0-1109-snapdragon, vlan-modules-4.15.0-151-generic-lpae-di, kernel-signed-image-4.15.0-151-generic-di, linux-tools-4.15.0-151, linux-image-4.15.0-1121-azure, parport-modules-4.15.0-151-generic-lpae-di, linux-modules-extra-4.15.0-1109-aws, linux-aws-tools-4.15.0-1109, irda-modules-4.15.0-151-generic-lpae-di, linux-tools-4.15.0-1097-kvm, linux-tools-gke, linux-headers-generic, linux-cloud-tools-virtual, linux-headers-generic-hwe-16.04, linux-headers-kvm