USN-5756-1

Advisory lineage Upstream: 16 Downstream: 0

Upstream

CVE-2022-3524 CVE-2022-3564 CVE-2022-3565 CVE-2022-3566 CVE-2022-3567 CVE-2022-3594

Published: 01 Dec 2022, 18:26

Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Dec 2022, 18:26

Published

Vulnerability first disclosed

03 Jun 2026, 13:34

Last Modified

Vulnerability information updated

Description

linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621)

Affected Systems

ubuntu•linux
< 5.4.0-135.152
ubuntu•linux-aws
< 5.4.0-1092.100
ubuntu•linux-aws-5.4
< 5.4.0-1092.100~18.04.2
ubuntu•linux-gcp
< 5.4.0-1096.105
ubuntu•linux-gcp-5.4
< 5.4.0-1096.105~18.04.2
ubuntu•linux-gkeop
< 5.4.0-1060.64
ubuntu•linux-hwe-5.4
< 5.4.0-135.152~18.04.2
ubuntu•linux-ibm
< 5.4.0-1040.45
ubuntu•linux-ibm-5.4
< 5.4.0-1040.45~18.04.2
ubuntu•linux-kvm
< 5.4.0-1082.88
ubuntu•linux-oracle
< 5.4.0-1090.99
ubuntu•linux-oracle-5.4
< 5.4.0-1090.99~18.04.2
ubuntu•linux-raspi
< 5.4.0-1077.88
ubuntu•linux-raspi-5.4
< 5.4.0-1077.88~18.04.2

USN-5756-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (9)