Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Security restrictions bypass
EUVDB-ID: #VU61258
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4197
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing permissions checks within the cgroups (control groups) functionality of Linux Kernel when writing into a file descriptor. A local low privileged process can trick a higher privileged parent process into writing arbitrary data into files, which can result in denial of service or privileges escalation.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 16.04
linux-image-lowlatency (Ubuntu package): before 4.4.0.229.235
linux-image-4.4.0-1145-aws (Ubuntu package): before 4.4.0.229.235
linux-image-4.4.0-229-generic (Ubuntu package): before 4.4.0.229.235
linux-image-4.4.0-229-lowlatency (Ubuntu package): before 4.4.0.229.235
linux-image-aws (Ubuntu package): before 4.4.0.229.235
linux-image-generic (Ubuntu package): before 4.4.0.229.235
linux-image-virtual (Ubuntu package): before 4.4.0.229.235
CPE2.3
External links
http://ubuntu.com/security/notices/USN-5500-1
Q & A
Can ..
Support the originator by clicking the read the rest link below.