USN-5791-1
Vulnerability Summary
Timeline
Description
linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303) Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842) It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-40307) Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4095) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188)
Affected Systems
- ubuntu•linux
< 5.4.0-136.153
- ubuntu•linux-aws
< 5.4.0-1093.101
- ubuntu•linux-aws-5.4
< 5.4.0-1093.102~18.04.2
- ubuntu•linux-gcp
< 5.4.0-1097.106
- ubuntu•linux-gcp-5.4
< 5.4.0-1097.106~18.04.1
- ubuntu•linux-gke
< 5.4.0-1091.98
- ubuntu•linux-gkeop
< 5.4.0-1061.65
- ubuntu•linux-hwe-5.4
< 5.4.0-136.153~18.04.1
- ubuntu•linux-ibm
< 5.4.0-1041.46
- ubuntu•linux-ibm-5.4
< 5.4.0-1041.46~18.04.1
- ubuntu•linux-kvm
< 5.4.0-1083.89
- ubuntu•linux-oracle
< 5.4.0-1091.100
- ubuntu•linux-oracle-5.4
< 5.4.0-1091.100~18.04.1
- ubuntu•linux-raspi
< 5.4.0-1078.89
- ubuntu•linux-raspi-5.4
< 5.4.0-1078.89~18.04.1
References (12)
- https://ubuntu.com/security/notices/USN-5791-1
- https://ubuntu.com/security/CVE-2022-2663
- https://ubuntu.com/security/CVE-2022-3061
- https://ubuntu.com/security/CVE-2022-3303
- https://ubuntu.com/security/CVE-2022-3586
- https://ubuntu.com/security/CVE-2022-3646
- https://ubuntu.com/security/CVE-2022-4095
- https://ubuntu.com/security/CVE-2022-20421
- https://ubuntu.com/security/CVE-2022-39188
- https://ubuntu.com/security/CVE-2022-39842
- https://ubuntu.com/security/CVE-2022-40307
- https://ubuntu.com/security/CVE-2022-43750