USN-5692-1

Advisory lineage Upstream: 12 Downstream: 0
Published: 19 Oct 2022, 22:06
Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

19 Oct 2022, 22:06
Published
Vulnerability first disclosed
03 Jun 2026, 13:34
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi vulnerabilities David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2602) Sönke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41674) Sönke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42719) Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42720) Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly handle BSSID/SSID lists in some situations. A physically proximate attacker could use this to cause a denial of service (infinite loop). (CVE-2022-42721) Sönke Huster discovered that the WiFi driver stack in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-42722)

Affected Systems

  • ubuntulinux

    < 5.15.0-52.58

  • ubuntulinux-aws

    < 5.15.0-1022.26

  • ubuntulinux-aws-5.15

    < 5.15.0-1022.26~20.04.1

  • ubuntulinux-azure

    < 5.15.0-1022.27

  • ubuntulinux-azure-5.15

    < 5.15.0-1022.27~20.04.1

  • ubuntulinux-gcp

    < 5.15.0-1021.28

  • ubuntulinux-gcp-5.15

    < 5.15.0-1021.28~20.04.1

  • ubuntulinux-gke

    < 5.15.0-1019.23

  • ubuntulinux-gke-5.15

    < 5.15.0-1019.23~20.04.1

  • ubuntulinux-gkeop

    < 5.15.0-1007.10

  • ubuntulinux-hwe-5.15

    < 5.15.0-52.58~20.04.1

  • ubuntulinux-ibm

    < 5.15.0-1017.20

  • ubuntulinux-kvm

    < 5.15.0-1020.24

  • ubuntulinux-lowlatency

    < 5.15.0-52.58

  • ubuntulinux-lowlatency-hwe-5.15

    < 5.15.0-52.58~20.04.1

  • ubuntulinux-oem-5.14

    < 5.14.0-1054.61

  • ubuntulinux-oracle

    < 5.15.0-1021.27

  • ubuntulinux-raspi

    < 5.15.0-1017.19

References (7)