{"id":"USN-5001-1","summary":"linux-oem-5.10 vulnerabilities","details":"Norbert Slusarek discovered a race condition in the CAN BCM networking\nprotocol of the Linux kernel leading to multiple use-after-free\nvulnerabilities. A local attacker could use this issue to execute arbitrary\ncode. (CVE-2021-3609)\n\nMathy Vanhoef discovered that the Linux kernel’s WiFi implementation did\nnot properly clear received fragments from memory in some situations. A\nphysically proximate attacker could possibly use this issue to inject\npackets or expose sensitive information. (CVE-2020-24586)\n\nMathy Vanhoef discovered that the Linux kernel’s WiFi implementation\nincorrectly handled encrypted fragments. A physically proximate attacker\ncould possibly use this issue to decrypt fragments. (CVE-2020-24587)\n\nMathy Vanhoef discovered that the Linux kernel’s WiFi implementation\nincorrectly handled certain malformed frames. If a user were tricked into\nconnecting to a malicious server, a physically proximate attacker could use\nthis issue to inject packets. (CVE-2020-24588)\n\nMathy Vanhoef discovered that the Linux kernel’s WiFi implementation\nincorrectly handled EAPOL frames from unauthenticated senders. A physically\nproximate attacker could inject malicious packets to cause a denial of\nservice (system crash). (CVE-2020-26139)\n\nMathy Vanhoef discovered that the Linux kernel’s WiFi implementation did\nnot properly verify certain fragmented frames. A physically proximate\nattacker could possibly use this issue to inject or decrypt packets.\n(CVE-2020-26141)\n\nMathy Vanhoef discovered that the Linux kernel’s WiFi implementation\naccepted plaintext fragments in certain situations. A physically proximate\nattacker could use this issue to inject packets. (CVE-2020-26145)\n\nMathy Vanhoef discovered that the Linux kernel’s WiFi implementation could\nreassemble mixed encrypted and plaintext fragments. A physically proximate\nattacker could possibly use this issue to inject packets or exfiltrate\nselected fragments. (CVE-2020-26147)\n\nOr Cohen discovered that the SCTP implementation in the Linux kernel\ncontained a race condition in some situations, leading to a use-after-free\ncondition. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2021-23133)\n\nOr Cohen and Nadav Markus discovered a use-after-free vulnerability in the\nnfc implementation in the Linux kernel. A privileged local attacker could\nuse this issue to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-23134)\n\nManfred Paul discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel contained an out-of-bounds\nvulnerability. A local attacker could use this issue to execute arbitrary\ncode. (CVE-2021-31440)\n\nIt was discovered that a race condition in the kernel Bluetooth subsystem\ncould lead to use-after-free of slab objects. An attacker could use this\nissue to possibly execute arbitrary code. (CVE-2021-32399)\n\nIt was discovered that a use-after-free existed in the Bluetooth HCI driver\nof the Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2021-33034)\n\nIt was discovered that an out-of-bounds (OOB) memory access flaw existed in\nthe f2fs module of the Linux kernel. A local attacker could use this issue\nto cause a denial of service (system crash). (CVE-2021-3506)\n\nMathias Krause discovered that a null pointer dereference existed in the\nNitro Enclaves kernel driver of the Linux kernel. A local attacker could\nuse this issue to cause a denial of service or possibly execute arbitrary\ncode. (CVE-2021-3543)\n","modified":"2026-02-10T04:42:16Z","published":"2021-06-23T03:45:22Z","related":["UBUNTU-CVE-2020-24586","UBUNTU-CVE-2020-24587","UBUNTU-CVE-2020-24588","UBUNTU-CVE-2020-26139","UBUNTU-CVE-2020-26141","UBUNTU-CVE-2020-26145","UBUNTU-CVE-2020-26147","UBUNTU-CVE-2021-23133","UBUNTU-CVE-2021-23134","UBUNTU-CVE-2021-31440","UBUNTU-CVE-2021-32399","UBUNTU-CVE-2021-33034","UBUNTU-CVE-2021-3506","UBUNTU-CVE-2021-3543","UBUNTU-CVE-2021-3609"],"upstream":["CVE-2020-24586","CVE-2020-24587","CVE-2020-24588","CVE-2020-26139","CVE-2020-26141","CVE-2020-26145","CVE-2020-26147","CVE-2021-23133","CVE-2021-23134","CVE-2021-31440","CVE-2021-32399","CVE-2021-33034","CVE-2021-3506","CVE-2021-3543","CVE-2021-3609","UBUNTU-CVE-2020-24586","UBUNTU-CVE-2020-24587","UBUNTU-CVE-2020-24588","UBUNTU-CVE-2020-26139","UBUNTU-CVE-2020-26141","UBUNTU-CVE-2020-26145","UBUNTU-CVE-2020-26147","UBUNTU-CVE-2021-23133","UBUNTU-CVE-2021-23134","UBUNTU-CVE-2021-31440","UBUNTU-CVE-2021-32399","UBUNTU-CVE-2021-33034","UBUNTU-CVE-2021-3506","UBUNTU-CVE-2021-3543","UBUNTU-CVE-2021-3609"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5001-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-24586"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-24587"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-24588"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-26139"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-26141"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-26145"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-26147"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3506"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3543"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3609"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-23133"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-23134"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-31440"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-32399"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-33034"}],"affected":[{"package":{"name":"linux-oem-5.10","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/linux-oem-5.10@5.10.0-1033.34?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-1033.34"}]}],"versions":["5.10.0-1008.9","5.10.0-1011.12","5.10.0-1013.14","5.10.0-1014.15","5.10.0-1016.17","5.10.0-1017.18","5.10.0-1019.20","5.10.0-1021.22","5.10.0-1022.23","5.10.0-1023.24","5.10.0-1025.26","5.10.0-1026.27","5.10.0-1029.30","5.10.0-1032.33"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-buildinfo-5.10.0-1033-oem","binary_version":"5.10.0-1033.34"},{"binary_name":"linux-headers-5.10.0-1033-oem","binary_version":"5.10.0-1033.34"},{"binary_name":"linux-image-unsigned-5.10.0-1033-oem","binary_version":"5.10.0-1033.34"},{"binary_name":"linux-modules-5.10.0-1033-oem","binary_version":"5.10.0-1033.34"},{"binary_name":"linux-oem-5.10-headers-5.10.0-1033","binary_version":"5.10.0-1033.34"},{"binary_name":"linux-oem-5.10-tools-5.10.0-1033","binary_version":"5.10.0-1033.34"},{"binary_name":"linux-oem-5.10-tools-host","binary_version":"5.10.0-1033.34"},{"binary_name":"linux-tools-5.10.0-1033-oem","binary_version":"5.10.0-1033.34"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5001-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2021-3609"}],"ecosystem":"Ubuntu:20.04:LTS"}}}],"schema_version":"1.7.3"}