USN-5418-1
Vulnerability Summary
Timeline
Description
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-26401) Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23042) It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958) It was discovered that the USB gadget subsystem in the Linux kernel did not properly validate interface descriptor requests. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-25258) It was discovered that the Remote NDIS (RNDIS) USB gadget implementation in the Linux kernel did not properly validate the size of the RNDIS_MSG_SET command. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-25375) It was discovered that the ST21NFCA NFC driver in the Linux kernel did not properly validate the size of certain data in EVT_TRANSACTION events. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-26490) It was discovered that the USB SR9700 ethernet device driver for the Linux kernel did not properly validate the length of requests from the device. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-26966) It was discovered that the Xilinx USB2 device gadget driver in the Linux kernel did not properly validate endpoint indices from the host. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-27223)
Affected Systems
- ubuntu•linux
< 4.15.0-177.186
- ubuntu•linux-aws
< 4.15.0-1128.137
- ubuntu•linux-aws-hwe
< 4.15.0-1128.137~16.04.1
- ubuntu•linux-azure
< 4.15.0-1138.151~14.04.1 | < 4.15.0-1138.151~16.04.1
- ubuntu•linux-azure-4.15
< 4.15.0-1138.151
- ubuntu•linux-dell300x
< 4.15.0-1042.47
- ubuntu•linux-gcp
< 4.15.0-1122.136~16.04.1
- ubuntu•linux-gcp-4.15
< 4.15.0-1122.136
- ubuntu•linux-hwe
< 4.15.0-177.186~16.04.1
- ubuntu•linux-kvm
< 4.15.0-1114.117
- ubuntu•linux-oracle
< 4.15.0-1093.102~16.04.1 | < 4.15.0-1093.102
- ubuntu•linux-snapdragon
< 4.15.0-1127.136
References (14)
- https://ubuntu.com/security/notices/USN-5418-1
- https://ubuntu.com/security/CVE-2021-26401
- https://ubuntu.com/security/CVE-2022-23036
- https://ubuntu.com/security/CVE-2022-23037
- https://ubuntu.com/security/CVE-2022-23038
- https://ubuntu.com/security/CVE-2022-23039
- https://ubuntu.com/security/CVE-2022-23040
- https://ubuntu.com/security/CVE-2022-23042
- https://ubuntu.com/security/CVE-2022-24958
- https://ubuntu.com/security/CVE-2022-25258
- https://ubuntu.com/security/CVE-2022-25375
- https://ubuntu.com/security/CVE-2022-26490
- https://ubuntu.com/security/CVE-2022-26966
- https://ubuntu.com/security/CVE-2022-27223