UBUNTU-CVE-2022-36123

Description

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-azure

  all

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-gcp

  all

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.8

  all

• ubuntu•linux-hwe-edge

  all | all

• ubuntu•linux-intel-5.13

  all

• ubuntu•linux-oem

  all

• ubuntu•linux-oem-5.10

  all

• ubuntu•linux-oem-5.13

  all

• ubuntu•linux-oem-5.6

  all

• ubuntu•linux-oracle-5.0

  all

• ubuntu•linux-oracle-5.11

  all

• ubuntu•linux-oracle-5.13

  all

• ubuntu•linux-oracle-5.3

  all

• ubuntu•linux-oracle-5.8

  all

• ubuntu•linux-raspi2

  all

• ubuntu•linux-riscv

  all

• ubuntu•linux-riscv-5.11

  all

• ubuntu•linux-riscv-5.8

  all

References (7)

• https://ubuntu.com/security/CVE-2022-36123
• https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md
• https://sick.codes/sick-2022-128
• https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13
• https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884
• https://www.cve.org/CVERecord?id=CVE-2022-36123