Software description
- gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
- generic-4.15 – Linux kernel - (>= 4.15.0-69)
- generic-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
- generic-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
- gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
- gke-4.15 – Linux kernel for Google Container Engine (GKE) systems - (>= 4.15.0-1076)
- gke-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
- gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
- gkeop-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
- lowlatency-4.15 – Linux kernel - (>= 4.15.0-69)
- lowlatency-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
- lowlatency-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
- oem – Linux kernel for OEM systems - (>= 4.15.0-1063)
- gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009)
- generic-4.15 – Linux kernel - (>= 4.15.0-69)
- generic-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
- generic-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
- gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033)
- gke-4.15 – Linux kernel for Google Container Engine (GKE) systems - (>= 4.15.0-1076)
- gke-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
- gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
- gkeop-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
- lowlatency-4.15 – Linux kernel - (>= 4.15.0-69)
- lowlatency-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-168)
- lowlatency-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
- oem – Linux kernel for OEM systems - (>= 4.15.0-1063)
Details
It was discovered that the eBPF implementation in the Linux kernel did not
properly track bounds information for 32 bit registers when performing div
and mod operations. A local attacker could use this to possibly execute
arbitrary code.(CVE-2021-3600)
It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code.(CVE-2021-33909)
It was discovered that the eBPF implementation in the Linux kernel did not
properly track bounds information for 32 bit registers when performing div
and mod operations. A local attacker could use this to possibly execute
arbitrary code.(CVE-2021-3600)
It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code.(CVE-2021-33909)
Checking update status
To check your kernel type and Livepatch version, enter this command:
canonical-livepatch statusThe problem can be corrected in these Livepatch versions:
| Kernel type | 20.04 | 18.04 | 16.04 | 14.04 |
|---|---|---|---|---|
| gcp | 79.1 | — | — | — |
| generic-4.15 | — | 79.1 | — | — |
| generic-4.4 | — | — | 79.1 | 79.1 |
| generic-5.4 | 79.1 | 79.1 | — | — |
| gke | 79.1 | — | — | — |
| gke-4.15 | — | 79.1 | — | — |
| gke-5.4 | — | 79.1 | — | — |
| gkeop | 79.1 | — | — | — |
| gkeop-5.4 | — | 79.1 | — | — |
| lowlatency-4.15 | — | 79.1 | — | — |
| lowlatency-4.4 | — | — | 79.1 | 79.1 |
| lowlatency-5.4 | 79.1 | 79.1 | — | — |
| oem | — | 79.1 | — | — |
References
Have additional questions?