USN-5790-1

Advisory lineage Upstream: 14 Downstream: 0

Upstream

CVE-2021-4159 CVE-2022-20421 CVE-2022-3061 CVE-2022-3586 CVE-2022-39188 CVE-2022-40307

Published: 06 Jan 2023, 20:27

Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 Jan 2023, 20:27

Published

Vulnerability first disclosed

03 Jun 2026, 13:34

Last Modified

Vulnerability information updated

Description

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-4159) It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586) Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188) It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-40307) Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4095)

Affected Systems

ubuntu•linux
< 4.15.0-201.212
ubuntu•linux-aws
< 4.15.0-1147.159
ubuntu•linux-aws-hwe
< 4.15.0-1147.159~16.04.1
ubuntu•linux-azure
< 4.15.0-1158.173~14.04.1
ubuntu•linux-azure-4.15
< 4.15.0-1158.173
ubuntu•linux-dell300x
< 4.15.0-1058.63
ubuntu•linux-gcp
< 4.15.0-1142.158~16.04.1
ubuntu•linux-gcp-4.15
< 4.15.0-1142.158
ubuntu•linux-hwe
< 4.15.0-201.212~16.04.1
ubuntu•linux-kvm
< 4.15.0-1133.138
ubuntu•linux-oracle
< 4.15.0-1112.123~16.04.1 | < 4.15.0-1112.123
ubuntu•linux-raspi2
< 4.15.0-1125.133
ubuntu•linux-snapdragon
< 4.15.0-1143.153

USN-5790-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (8)