LSN-0090-1

Advisory lineage Upstream: 12 Downstream: 0
Published: 16 Nov 2022, 10:00
Last modified:03 Jun 2026, 14:03

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

16 Nov 2022, 10:00
Published
Vulnerability first disclosed
03 Jun 2026, 14:03
Last Modified
Vulnerability information updated

Description

Kernel Live Patch Security Notice David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-1015) David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2022-2602) Sönke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause an denial of service (system crash) or possibly execute arbitrary code.(CVE-2022-41674) Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42720) Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly handle BSSID/SSID lists in some situations. A physically proximate attacker could use this to cause a denial of service (infinite loop). (CVE-2022-42721) Sönke Huster discovered that the WiFi driver stack in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-42722)

Affected Systems

  • ubuntulinux

    all | < 5.15.0-27.28 | < 5.4.0-131.147 | < 5.15.0-52.58

  • ubuntulinux-aws

    all | < 5.15.0-1005.7 | < 5.4.0-1088.96 | < 5.15.0-1022.26

  • ubuntulinux-aws-5.15

    all | < 5.15.0-1022.26~20.04.1

  • ubuntulinux-aws-5.4

    all | < 5.4.0-1088.96~18.04.1

  • ubuntulinux-azure

    all | < 5.15.0-1005.6 | < 5.4.0-1094.100 | < 5.15.0-1022.27

  • ubuntulinux-azure-5.4

    all | < 5.4.0-1094.100~18.04.1

  • ubuntulinux-gcp

    all | < 5.15.0-1004.7 | < 5.4.0-1092.101 | < 5.15.0-1021.28

  • ubuntulinux-gcp-5.15

    all | < 5.15.0-1021.28~20.04.1

  • ubuntulinux-gcp-5.4

    all | < 5.4.0-1092.101~18.04.1

  • ubuntulinux-gke

    all | < 5.15.0-1003.3 | < 5.4.0-1086.93 | < 5.15.0-1019.23

  • ubuntulinux-gke-5.15

    all | < 5.15.0-1019.23~20.04.1

  • ubuntulinux-gke-5.4

    all

  • ubuntulinux-gkeop

    all | < 5.4.0-1056.60

  • ubuntulinux-gkeop-5.4

    all

  • ubuntulinux-hwe-5.4

    all | < 5.4.0-131.147~18.04.1

  • ubuntulinux-ibm

    all | < 5.15.0-1003.3 | < 5.4.0-1036.41 | < 5.15.0-1017.20

  • ubuntulinux-ibm-5.4

    all | < 5.4.0-1036.41~18.04.1

  • ubuntulinux-lowlatency

    < 5.15.0-27.28 | < 5.15.0-52.58

References (7)