LSN-0089-1

Advisory lineage Upstream: 16 Downstream: 0
Published: 24 Aug 2022, 07:09
Last modified: 03 Jun 2026, 14:03

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

24 Aug 2022, 07:09: Published (vulnerability first disclosed)
03 Jun 2026, 14:03: Last Modified (vulnerability information updated)

Description

Kernel Live Patch Security Notice

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966)

Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code. (CVE-2022-1972)

It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2585)

It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2586)

Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2588)

It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499)

Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-29581)

Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. (CVE-2022-34918)

Affected Systems

  • ubuntulinux

    < 4.4.0-227.261 | < 4.15.0-184.194 | < 5.4.0-117.132 | < 4.4.0-231.265 | < 4.15.0-191.202 | < 5.4.0-124.140 | < 5.15.0-46.49

  • ubuntulinux-aws

    < 4.4.0-1143.158 | < 4.15.0-1133.143 | < 5.4.0-1078.84 | < 4.4.0-1147.162 | < 4.15.0-1139.150 | < 5.4.0-1083.90 | < 5.15.0-1017.21

  • ubuntulinux-aws-5.15

    < 5.15.0-1017.21~20.04.1

  • ubuntulinux-aws-5.4

    < 5.4.0-1078.84~18.04.1 | < 5.4.0-1083.90~18.04.1

  • ubuntulinux-aws-hwe

    < 4.15.0-1133.143~16.04.1 | < 4.15.0-1139.150~16.04.1

  • ubuntulinux-azure

    < 4.15.0-1142.156~16.04.1 | < 5.4.0-1083.87 | < 4.15.0-1149.164~16.04.1 | < 5.4.0-1089.94 | < 5.15.0-1017.20

  • ubuntulinux-azure-4.15

    < 4.15.0-1142.156 | < 4.15.0-1149.164

  • ubuntulinux-azure-5.4

    < 5.4.0-1083.87~18.04.1 | < 5.4.0-1089.94~18.04.1

  • ubuntulinux-gcp

    < 4.15.0-1127.142~16.04.1 | < 5.4.0-1078.84 | < 4.15.0-1134.150~16.04.2 | < 5.4.0-1086.94 | < 5.15.0-1016.21

  • ubuntulinux-gcp-4.15

    all | < 4.15.0-1134.150

  • ubuntulinux-gcp-5.15

    < 5.15.0-1016.21~20.04.1

  • ubuntulinux-gcp-5.4

    all | < 5.4.0-1086.94~18.04.1

  • ubuntulinux-gke

    < 5.4.0-1074.79 | < 5.4.0-1080.86 | < 5.15.0-1014.17

  • ubuntulinux-gke-4.15

    all

  • ubuntulinux-gke-5.15

    < 5.15.0-1014.17~20.04.1

  • ubuntulinux-gke-5.4

    < 5.4.0-1074.79~18.04.1 | < 5.4.0-1080.86~18.04.1

  • ubuntulinux-gkeop

    < 5.4.0-1046.48 | < 5.4.0-1051.54

  • ubuntulinux-gkeop-5.4

    < 5.4.0-1046.48~18.04.1 | < 5.4.0-1051.54~18.04.1

  • ubuntulinux-hwe

    < 4.15.0-184.194~16.04.1 | < 4.15.0-191.202~16.04.1

  • ubuntulinux-hwe-5.4

    < 5.4.0-117.132~18.04.1 | < 5.4.0-124.140~18.04.1

  • ubuntulinux-ibm

    < 5.4.0-1026.29 | < 5.4.0-1031.35 | < 5.15.0-1012.14

  • ubuntulinux-ibm-5.4

    < 5.4.0-1026.29~18.04.1 | < 5.4.0-1031.35~18.04.1

  • ubuntulinux-lowlatency

    < 5.15.0-46.49

  • ubuntulinux-lts-xenial

    < 4.4.0-227.261~14.04.1 | < 4.4.0-231.265~14.04.1

  • ubuntulinux-oem

    all
