USN-5442-2

Advisory lineage Upstream: 6 Downstream: 0
Published: 01 Jun 2022, 04:18
Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

01 Jun 2022, 04:18
Published
Vulnerability first disclosed
03 Jun 2026, 13:34
Last Modified
Vulnerability information updated

Description

linux-bluefield, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-29581) Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux kernel contained in integer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1116) Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions. (CVE-2022-30594)

Affected Systems

  • ubuntulinux-bluefield

    < 5.4.0-1036.39

  • ubuntulinux-gcp-5.4

    < 5.4.0-1075.80~18.04.1

  • ubuntulinux-gkeop

    < 5.4.0-1043.44

  • ubuntulinux-gkeop-5.4

    < 5.4.0-1043.44~18.04.1

  • ubuntulinux-ibm-5.4

    < 5.4.0-1023.25~18.04.1

  • ubuntulinux-oracle

    < 5.4.0-1073.79

  • ubuntulinux-oracle-5.4

    < 5.4.0-1073.79~18.04.1

  • ubuntulinux-raspi

    < 5.4.0-1062.70

  • ubuntulinux-raspi-5.4

    < 5.4.0-1062.70~18.04.1

References (4)