{"id":"USN-4912-1","summary":"linux-oem-5.6 vulnerabilities","details":"Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux\nkernel did not properly validate computation of branch displacements in\nsome situations. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2021-29154)\n\nIt was discovered that a race condition existed in the binder IPC\nimplementation in the Linux kernel, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2020-0423)\n\nIt was discovered that the HID multitouch implementation within the Linux\nkernel did not properly validate input events in some situations. A\nphysically proximate attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2020-0465)\n\nIt was discovered that the eventpoll (aka epoll) implementation in the\nLinux kernel contained a logic error that could lead to a use after free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2020-0466)\n\nIt was discovered that a race condition existed in the perf subsystem of\nthe Linux kernel, leading to a use-after-free vulnerability. An attacker\nwith access to the perf subsystem could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2020-14351)\n\nIt was discovered that the frame buffer implementation in the Linux kernel\ndid not properly handle some edge cases in software scrollback. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2020-14390)\n\nIt was discovered that a race condition existed in the hugetlb sysctl\nimplementation in the Linux kernel. A privileged attacker could use this to\ncause a denial of service (system crash). (CVE-2020-25285)\n\nIt was discovered that the GENEVE tunnel implementation in the Linux kernel\nwhen combined with IPSec did not properly select IP routes in some\nsituations. An attacker could use this to expose sensitive information\n(unencrypted network traffic). (CVE-2020-25645)\n\nBodong Zhao discovered a use-after-free in the Sun keyboard driver\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service or possibly execute arbitrary code.\n(CVE-2020-25669)\n\nShisong Qin and Bodong Zhao discovered that Speakup screen reader driver in\nthe Linux kernel did not correctly handle setting line discipline in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2020-27830)\n\nIt was discovered that the Marvell WiFi-Ex device driver in the Linux\nkernel did not properly validate ad-hoc SSIDs. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2020-36158)\n\nLoris Reiff discovered that the BPF implementation in the Linux kernel did\nnot properly validate attributes in the getsockopt BPF hook. A local\nattacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2021-20194)\n\nAdam Zabrocki discovered that the kprobes subsystem in the Linux kernel did\nnot properly detect linker padding in some situations. A privileged\nattacker could use this to cause a denial of service (system crash) or\npossibly expose sensitive information. (CVE-2021-3411)\n\n吴异 discovered that the NFS implementation in the Linux kernel did not\nproperly prevent access outside of an NFS export that is a subdirectory of\na file system. An attacker could possibly use this to bypass NFS access\nrestrictions. (CVE-2021-3178)\n","modified":"2026-02-10T04:42:08Z","published":"2021-04-13T21:35:44Z","related":["UBUNTU-CVE-2020-0423","UBUNTU-CVE-2020-0465","UBUNTU-CVE-2020-0466","UBUNTU-CVE-2020-14351","UBUNTU-CVE-2020-14390","UBUNTU-CVE-2020-25285","UBUNTU-CVE-2020-25645","UBUNTU-CVE-2020-25669","UBUNTU-CVE-2020-27830","UBUNTU-CVE-2020-36158","UBUNTU-CVE-2021-20194","UBUNTU-CVE-2021-29154","UBUNTU-CVE-2021-3178","UBUNTU-CVE-2021-3411"],"upstream":["CVE-2020-0423","CVE-2020-0465","CVE-2020-0466","CVE-2020-14351","CVE-2020-14390","CVE-2020-25285","CVE-2020-25645","CVE-2020-25669","CVE-2020-27830","CVE-2020-36158","CVE-2021-20194","CVE-2021-29154","CVE-2021-3178","CVE-2021-3411","UBUNTU-CVE-2020-0423","UBUNTU-CVE-2020-0465","UBUNTU-CVE-2020-0466","UBUNTU-CVE-2020-14351","UBUNTU-CVE-2020-14390","UBUNTU-CVE-2020-25285","UBUNTU-CVE-2020-25645","UBUNTU-CVE-2020-25669","UBUNTU-CVE-2020-27830","UBUNTU-CVE-2020-36158","UBUNTU-CVE-2021-20194","UBUNTU-CVE-2021-29154","UBUNTU-CVE-2021-3178","UBUNTU-CVE-2021-3411"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4912-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-0423"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-0465"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-0466"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-14351"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-14390"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25285"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25645"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25669"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-27830"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-36158"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3178"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3411"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-20194"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-29154"}],"affected":[{"package":{"name":"linux-oem-5.6","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/linux-oem-5.6@5.6.0-1053.57?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.6.0-1053.57"}]}],"versions":["5.6.0-1007.7","5.6.0-1008.8","5.6.0-1010.10","5.6.0-1011.11","5.6.0-1013.13","5.6.0-1017.17","5.6.0-1018.18","5.6.0-1020.20","5.6.0-1021.21","5.6.0-1023.23","5.6.0-1026.26","5.6.0-1027.27","5.6.0-1028.28","5.6.0-1031.32","5.6.0-1032.33","5.6.0-1033.35","5.6.0-1034.36","5.6.0-1035.37","5.6.0-1036.39","5.6.0-1039.43","5.6.0-1042.46","5.6.0-1047.51","5.6.0-1048.52","5.6.0-1050.54","5.6.0-1052.56"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-buildinfo-5.6.0-1053-oem","binary_version":"5.6.0-1053.57"},{"binary_name":"linux-headers-5.6.0-1053-oem","binary_version":"5.6.0-1053.57"},{"binary_name":"linux-image-unsigned-5.6.0-1053-oem","binary_version":"5.6.0-1053.57"},{"binary_name":"linux-modules-5.6.0-1053-oem","binary_version":"5.6.0-1053.57"},{"binary_name":"linux-oem-5.6-headers-5.6.0-1053","binary_version":"5.6.0-1053.57"},{"binary_name":"linux-oem-5.6-tools-5.6.0-1053","binary_version":"5.6.0-1053.57"},{"binary_name":"linux-oem-5.6-tools-host","binary_version":"5.6.0-1053.57"},{"binary_name":"linux-tools-5.6.0-1053-oem","binary_version":"5.6.0-1053.57"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4912-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-0423"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-0465"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-0466"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-14351"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-14390"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-25285"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-25645"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-25669"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-27830"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-36158"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"negligible"}],"id":"CVE-2021-3178"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-3411"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2021-20194"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2021-29154"}]}}}],"schema_version":"1.7.3"}