USN-5605-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-5605-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5605-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5605-1

Related

Published

2022-09-09T13:04:20.358583Z

Modified

2022-09-09T13:04:20.358583Z

Summary

linux-azure-fde vulnerabilities

Details

Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061)

It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656)

References

Affected packages

Ubuntu:20.04:LTS / linux-azure-fde

Package

Name: linux-azure-fde
Purl: pkg:deb/ubuntu/linux-azure-fde@5.4.0-1090.95+cvm1.1?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.0-1090.95+cvm1.1

Affected versions

5.*

5.4.0-1063.66+cvm2.2

5.4.0-1063.66+cvm3.2

5.4.0-1064.67+cvm1.1

5.4.0-1065.68+cvm2.1

5.4.0-1067.70+cvm1.1

5.4.0-1068.71+cvm1.1

5.4.0-1069.72+cvm1.1

5.4.0-1070.73+cvm1.1

5.4.0-1072.75+cvm1.1

5.4.0-1073.76+cvm1.1

5.4.0-1074.77+cvm1.1

5.4.0-1076.79+cvm1.1

5.4.0-1078.81+cvm1.1

5.4.0-1080.83+cvm1.1

5.4.0-1083.87+cvm1.1

5.4.0-1085.90+cvm1.1

5.4.0-1085.90+cvm2.1

5.4.0-1086.91+cvm1.1

5.4.0-1089.94+cvm1.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-image-unsigned-5.4.0-1090-azure-fde-dbgsym": "5.4.0-1090.95+cvm1.1",
            "linux-image-unsigned-5.4.0-1090-azure-fde": "5.4.0-1090.95+cvm1.1"
        }
    ]
}