ASA-2020-00040 – Canonical Ubuntu: Arbitrary file read and arbitrary module loading due to incorrectly handled module loading in the ppp package

The ppp package in Ubuntu contains a patch to load the ppp_generic kernel module when it's not built by default in the Linux kernel. The patch has a vulnerability that allows an attacker to influence the behavior of the modprobe binary using MODPROBE_OPTIONS environment variable. This vulnerability leads to arbitrary file read or arbitrary kernel module loading.

ASA-2020-00039 – Linux kernel: SELinux netlink permission check bypass due to SELinux incorrectly assume that an skb would only contain a single netlink message

A flaw was found in the Linux kernels SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

ASA-2019-00669 – OpenBSD: Dynamic Loader Privilege Escalation

OpenBSD  allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.