{"id":"USN-5218-1","summary":"linux-oem-5.13 vulnerabilities","details":"Nadav Amit discovered that the hugetlb implementation in the Linux kernel\ndid not perform TLB flushes under certain conditions. A local attacker\ncould use this to leak or alter data from other processes that use huge\npages. (CVE-2021-4002)\n\nIt was discovered that the eBPF implementation in the Linux kernel did\nnot properly validate the memory size of certain ring buffer operation\narguments. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2021-4204)\n\nIt was discovered that a race condition existed in the overlay file system\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2021-20321)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a\nuse-after-free vulnerability in its NFC Controller Interface (NCI)\nimplementation. A local attacker could possibly use this to cause a denial\nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF\nimplementation in the Linux kernel when preallocating objects for stack\nmaps. A privileged local attacker could use this to cause a denial of\nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the KVM implementation for POWER8 processors in the\nLinux kernel did not properly keep track if a wakeup event could be\nresolved by a guest. An attacker in a guest VM could possibly use this to\ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the TIPC Protocol implementation in the Linux kernel\ndid not properly validate MSG_CRYPTO messages in some situations. An\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2021-43267)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel\ncontained a race condition in certain situations that could trigger an\narray out-of-bounds bug. A privileged local attacker could possibly use\nthis to cause a denial of service or execute arbitrary code.\n(CVE-2021-43389)\n\n","modified":"2026-04-27T16:19:01.596611844Z","published":"2022-01-11T04:58:00Z","related":["UBUNTU-CVE-2021-20321","UBUNTU-CVE-2021-3760","UBUNTU-CVE-2021-4002","UBUNTU-CVE-2021-41864","UBUNTU-CVE-2021-4204","UBUNTU-CVE-2021-43056","UBUNTU-CVE-2021-43267","UBUNTU-CVE-2021-43389"],"upstream":["CVE-2021-20321","CVE-2021-3760","CVE-2021-4002","CVE-2021-41864","CVE-2021-4204","CVE-2021-43056","CVE-2021-43267","CVE-2021-43389","UBUNTU-CVE-2021-20321","UBUNTU-CVE-2021-3760","UBUNTU-CVE-2021-4002","UBUNTU-CVE-2021-41864","UBUNTU-CVE-2021-4204","UBUNTU-CVE-2021-43056","UBUNTU-CVE-2021-43267","UBUNTU-CVE-2021-43389"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5218-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3760"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-4002"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-4204"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-20321"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-41864"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-43056"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-43267"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-43389"},{"type":"REPORT","url":"https://launchpad.net/bugs/1956585"}],"affected":[{"package":{"name":"linux-oem-5.13","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/linux-oem-5.13@5.13.0-1026.32?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.13.0-1026.32"}]}],"versions":["5.13.0-1009.10","5.13.0-1010.11","5.13.0-1012.16","5.13.0-1014.18","5.13.0-1017.21","5.13.0-1019.23","5.13.0-1020.24","5.13.0-1021.25","5.13.0-1022.26"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-buildinfo-5.13.0-1026-oem","binary_version":"5.13.0-1026.32"},{"binary_name":"linux-headers-5.13.0-1026-oem","binary_version":"5.13.0-1026.32"},{"binary_name":"linux-image-unsigned-5.13.0-1026-oem","binary_version":"5.13.0-1026.32"},{"binary_name":"linux-modules-5.13.0-1026-oem","binary_version":"5.13.0-1026.32"},{"binary_name":"linux-oem-5.13-headers-5.13.0-1026","binary_version":"5.13.0-1026.32"},{"binary_name":"linux-oem-5.13-tools-5.13.0-1026","binary_version":"5.13.0-1026.32"},{"binary_name":"linux-oem-5.13-tools-host","binary_version":"5.13.0-1026.32"},{"binary_name":"linux-tools-5.13.0-1026-oem","binary_version":"5.13.0-1026.32"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5218-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-3760"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2021-4002"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2021-4204"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-20321"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2021-41864"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-43056"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-43267"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2021-43389"}]}}}],"schema_version":"1.7.5"}