USN-5413-1

Advisory lineage: Upstream: 12, Downstream: 0
Published: 12 May 2022, 00:03
Last modified: 23 May 2026, 01:33

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

Published: 12 May 2022, 00:03 (vulnerability first disclosed)
Last Modified: 23 May 2026, 01:33 (vulnerability information updated)

Description

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-27820)

It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39713)

It was discovered that the Parallel NFS (pNFS) implementation in the Linux kernel did not properly perform bounds checking in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4157)

It was discovered that the ST21NFCA NFC driver in the Linux kernel did not properly validate the size of certain data in EVT_TRANSACTION events. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-26490)

It was discovered that the Xilinx USB2 device gadget driver in the Linux kernel did not properly validate endpoint indices from the host. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-27223)

It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390)

Affected Systems

  • ubuntu linux: < 4.4.0-224.257

  • ubuntu linux-aws: < 4.4.0-1140.154

  • ubuntu linux-kvm: < 4.4.0-1105.114

  • ubuntu linux-lts-xenial: < 4.4.0-224.257~14.04.1
