UBUNTU-CVE-2022-1204

Description

A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• ubuntu•linux

  all | < 4.4.0-234.268 | < 4.15.0-189.200 | < 5.4.0-122.138 | < 5.15.0-37.39

• ubuntu•linux-aws

  < 4.4.0-1113.119 | < 4.4.0-1151.166 | < 4.15.0-1137.148 | < 5.4.0-1081.88 | < 5.15.0-1011.14

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1081.88~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2076.81 | all | < 5.4.0-1081.88+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1137.148~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1146.161~14.04.1 | < 4.15.0-1146.161~16.04.1 | all | < 5.4.0-1086.91 | < 5.15.0-1010.12

• ubuntu•linux-azure-4.15

  < 4.15.0-1146.161

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1008.9~20.04.1

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1086.91~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde-5.15

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2057.63 | all | < 5.4.0-1086.91+fips1

• ubuntu•linux-bluefield

  < 5.4.0-1042.47 | all

• ubuntu•linux-dell300x

  < 4.15.0-1049.54

• ubuntu•linux-fips

  < 4.4.0-1083.90 | all | < 4.15.0-1094.105 | < 5.4.0-1057.65

• ubuntu•linux-gcp

  < 4.15.0-1131.147~16.04.1 | all | < 5.4.0-1084.92 | < 5.15.0-1008.12

• ubuntu•linux-gcp-4.15

  < 4.15.0-1131.147

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1084.92~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2041.46 | all | < 5.4.0-1081.88+fips1

• ubuntu•linux-gke

  < 5.4.0-1078.84 | < 5.15.0-1008.10

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.4

  < 5.4.0-1078.84~18.04.1

• ubuntu•linux-gkeop

  < 5.4.0-1049.52

• ubuntu•linux-gkeop-5.4

  < 5.4.0-1049.52~18.04.1

• ubuntu•linux-hwe

  < 4.15.0-189.200~16.04.1 | all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.15

  < 5.15.0-41.44~20.04.1

• ubuntu•linux-hwe-5.4

  < 5.4.0-122.138~18.04.1

• ubuntu•linux-hwe-5.8

  all

• ubuntu•linux-hwe-edge

  all | all

• ubuntu•linux-ibm

  < 5.4.0-1029.33 | < 5.15.0-1007.8

• ubuntu•linux-ibm-5.4

  < 5.4.0-1029.33~18.04.1

• ubuntu•linux-intel-5.13

  all

• ubuntu•linux-intel-iot-realtime

  all

• ubuntu•linux-intel-iotg

  < 5.15.0-1008.11

• ubuntu•linux-intel-iotg-5.15

  < 5.15.0-1008.11~20.04.1

Showing first 50 affected entries in server-rendered view.

References (15)

• https://ubuntu.com/security/CVE-2022-1204
• https://marc.info/?i=20c5f3a.325bc.17fe90c96f4.Coremail.duoming@zju.edu.cn
• https://github.com/torvalds/linux/commit/d01ffb9eee4af165d83b08dd73ebdf9fe94a519b
• https://github.com/torvalds/linux/commit/87563a043cef044fed5db7967a75741cc16ad2b1
• https://github.com/torvalds/linux/commit/feef318c855a361a1eccd880f33e88c460eb63b4
• https://github.com/torvalds/linux/commit/9fd75b66b8f68498454d685dc4ba13192ae069b0
• https://github.com/torvalds/linux/commit/5352a761308397a0e6250fdc629bb3f615b94747
• https://www.openwall.com/lists/oss-security/2022/04/02/2
• https://ubuntu.com/security/notices/USN-5469-1
• https://ubuntu.com/security/notices/USN-5514-1
• https://ubuntu.com/security/notices/USN-5515-1
• https://ubuntu.com/security/notices/USN-5539-1
• https://ubuntu.com/security/notices/USN-5541-1
• https://ubuntu.com/security/notices/USN-5650-1
• https://www.cve.org/CVERecord?id=CVE-2022-1204