LSN-0073-1

Source
https://ubuntu.com/security/notices/LSN-0073-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/lsn/LSN-0073-1.json
JSON Data
https://api.osv.dev/v1/vulns/LSN-0073-1
Related
Published
2020-10-23T07:23:57Z
Modified
2020-10-23T07:23:57Z
Summary
Kernel Live Patch Security Notice
Details

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352)

Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-24490)

References

Affected packages

Ubuntu:Pro:18.04:LTS / linux-aws

Package

Name
linux-aws
Purl
pkg:deb/ubuntu/linux-aws@4.15.0-1176.189?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.15.0-1001.1
4.15.0-1003.3
4.15.0-1005.5
4.15.0-1006.6
4.15.0-1007.7
4.15.0-1009.9
4.15.0-1010.10
4.15.0-1011.11
4.15.0-1016.16
4.15.0-1017.17
4.15.0-1019.19
4.15.0-1020.20
4.15.0-1021.21
4.15.0-1023.23
4.15.0-1025.25
4.15.0-1027.27
4.15.0-1029.30
4.15.0-1031.33
4.15.0-1032.34
4.15.0-1033.35
4.15.0-1034.36
4.15.0-1035.37
4.15.0-1037.39
4.15.0-1039.41
4.15.0-1040.42
4.15.0-1041.43
4.15.0-1043.45
4.15.0-1044.46
4.15.0-1045.47
4.15.0-1047.49
4.15.0-1048.50
4.15.0-1050.52
4.15.0-1051.53
4.15.0-1052.54
4.15.0-1054.56
4.15.0-1056.58
4.15.0-1057.59
4.15.0-1058.60
4.15.0-1060.62
4.15.0-1063.67
4.15.0-1065.69
4.15.0-1066.70
4.15.0-1067.71
4.15.0-1073.77
4.15.0-1076.80
4.15.0-1077.81
4.15.0-1079.83
4.15.0-1080.84
4.15.0-1082.86
4.15.0-1083.87
4.15.0-1086.91
4.15.0-1087.92
4.15.0-1088.93
4.15.0-1090.95
4.15.0-1091.96
4.15.0-1092.98
4.15.0-1093.99
4.15.0-1094.101
4.15.0-1095.102
4.15.0-1096.103
4.15.0-1097.104
4.15.0-1098.105
4.15.0-1099.106
4.15.0-1101.108
4.15.0-1102.109
4.15.0-1103.110
4.15.0-1106.113
4.15.0-1109.116
4.15.0-1110.117
4.15.0-1111.118
4.15.0-1112.119
4.15.0-1114.121
4.15.0-1115.122
4.15.0-1116.123
4.15.0-1118.125
4.15.0-1119.127
4.15.0-1121.129
4.15.0-1123.132
4.15.0-1124.133
4.15.0-1126.135
4.15.0-1127.136
4.15.0-1128.137
4.15.0-1130.139
4.15.0-1133.143
4.15.0-1136.147
4.15.0-1137.148
4.15.0-1139.150
4.15.0-1140.151
4.15.0-1141.152
4.15.0-1142.154
4.15.0-1143.155
4.15.0-1144.156
4.15.0-1146.158
4.15.0-1147.159
4.15.0-1148.160
4.15.0-1150.163
4.15.0-1151.164
4.15.0-1153.166
4.15.0-1154.167
4.15.0-1155.168
4.15.0-1156.169
4.15.0-1157.170
4.15.0-1158.171
4.15.0-1159.172
4.15.0-1160.173
4.15.0-1161.174
4.15.0-1162.175
4.15.0-1163.176
4.15.0-1164.177
4.15.0-1165.178
4.15.0-1166.179
4.15.0-1167.180
4.15.0-1168.181
4.15.0-1169.182
4.15.0-1170.183
4.15.0-1172.185
4.15.0-1173.186
4.15.0-1174.187
4.15.0-1175.188
4.15.0-1176.189

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_4_15_0[_|\\d]+_aws_(\\d+)"
}

Ubuntu:Pro:20.04:LTS / linux-aws

Package

Name
linux-aws
Purl
pkg:deb/ubuntu/linux-aws@5.4.0-1137.147?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.3.0-1003.3
5.3.0-1008.9
5.3.0-1009.10
5.3.0-1010.11
5.4.0-1005.5
5.4.0-1007.7
5.4.0-1008.8
5.4.0-1009.9
5.4.0-1011.11
5.4.0-1015.15
5.4.0-1017.17
5.4.0-1018.18
5.4.0-1020.20
5.4.0-1021.21
5.4.0-1022.22
5.4.0-1024.24
5.4.0-1025.25
5.4.0-1028.29
5.4.0-1029.30
5.4.0-1030.31
5.4.0-1032.33
5.4.0-1034.35
5.4.0-1035.37
5.4.0-1037.39
5.4.0-1038.40
5.4.0-1039.41
5.4.0-1041.43
5.4.0-1043.45
5.4.0-1045.47
5.4.0-1047.49
5.4.0-1048.50
5.4.0-1049.51
5.4.0-1051.53
5.4.0-1054.57
5.4.0-1055.58
5.4.0-1056.59
5.4.0-1057.60
5.4.0-1058.61
5.4.0-1059.62
5.4.0-1060.63
5.4.0-1061.64
5.4.0-1063.66
5.4.0-1064.67
5.4.0-1065.68
5.4.0-1066.69
5.4.0-1068.72
5.4.0-1069.73
5.4.0-1071.76
5.4.0-1072.77
5.4.0-1073.78
5.4.0-1075.80
5.4.0-1078.84
5.4.0-1080.87
5.4.0-1081.88
5.4.0-1083.90
5.4.0-1084.91
5.4.0-1085.92
5.4.0-1086.93
5.4.0-1088.96
5.4.0-1089.97
5.4.0-1092.100
5.4.0-1093.101
5.4.0-1094.102
5.4.0-1096.104
5.4.0-1097.105
5.4.0-1099.107
5.4.0-1100.108
5.4.0-1101.109
5.4.0-1102.110
5.4.0-1103.111
5.4.0-1104.112
5.4.0-1105.113
5.4.0-1106.114
5.4.0-1107.115
5.4.0-1108.116
5.4.0-1109.118
5.4.0-1110.119
5.4.0-1111.120
5.4.0-1112.121
5.4.0-1113.123
5.4.0-1114.124
5.4.0-1116.126
5.4.0-1117.127
5.4.0-1118.128
5.4.0-1119.129
5.4.0-1120.130
5.4.0-1121.131
5.4.0-1122.132
5.4.0-1123.133
5.4.0-1124.134
5.4.0-1125.135
5.4.0-1126.136
5.4.0-1127.137
5.4.0-1128.138
5.4.0-1129.139
5.4.0-1130.140
5.4.0-1131.141
5.4.0-1132.142
5.4.0-1133.143
5.4.0-1134.144
5.4.0-1135.145
5.4.0-1136.146
5.4.0-1137.147

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_5_4_0[_|\\d]+_aws_(\\d+)"
}