Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU61210
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-0617
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system functionality. A local user can supply a malicious UDF image to the udf_file_write_iter() function and perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-lowlatency (Ubuntu package): before 5.4.0.109.113
linux-image-5.4.0-1072-aws (Ubuntu package): before 5.4.0-1072.77
linux-image-generic-lpae (Ubuntu package): before 5.4.0.109.113
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1070.70
linux-image-kvm (Ubuntu package): before 5.4.0.1062.61
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1068.78
linux-image-raspi (Ubuntu package): before 5.4.0.1059.93
linux-image-5.4.0-109-generic (Ubuntu package): before 5.4.0-109.123~18.04.1
linux-image-5.4.0-1039-gkeop (Ubuntu package): before 5.4.0-1039.40~18.04.1
linux-image-5.4.0-1072-gcp (Ubuntu package): before 5.4.0-1072.77~18.04.1
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1072.80
linux-image-5.4.0-109-lowlatency (Ubuntu package): before 5.4.0-109.123~18.04.1
linux-image-raspi2 (Ubuntu package): before 5.4.0.1059.93
linux-image-5.4.0-1020-ibm (Ubuntu package): before 5.4.0-1020.22~18.04.1
linux-image-5.4.0-1070-oracle (Ubuntu package): before 5.4.0-1070.76~18.04.1
linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1072.74
linux-image-5.4.0-1076-azure-fde (Ubuntu package): before 5.4.0-1076.79+cvm1.1
linux-image-ibm (Ubuntu package): before 5.4.0.1020.37
linux-image-gke (Ubuntu package): before 5.4.0.1068.78
linux-image-5.4.0-1077-azure (Ubuntu package): before 5.4.0-1077.80~18.04.1
linux-image-azure-fde (Ubuntu package): before 5.4.0.1076.79+cvm1.21
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1039.42
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1077.75
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1020.20
linux-image-5.4.0-1068-gke (Ubuntu package): before 5.4.0-1068.71~18.04.1
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-5.4.0-1059-raspi (Ubuntu package): before 5.4.0-1059.67
linux-image-oem (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-generic (Ubuntu package): before 5.4.0.109.113
linux-image-virtual (Ubuntu package): before 5.4.0.109.113
linux-image-gkeop (Ubuntu package): before 5.4.0.1039.42
linux-image-5.4.0-109-generic-lpae (Ubuntu package): before 5.4.0-109.123~18.04.1
linux-image-5.4.0-1062-kvm (Ubuntu package): before 5.4.0-1062.65
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1059.60
linux-image-oracle (Ubuntu package): before 5.4.0.1070.76~18.04.49
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-gcp (Ubuntu package): before 5.4.0.1072.56
linux-image-azure (Ubuntu package): before 5.4.0.1077.56
External links
http://ubuntu.com/security/notices/USN-5384-1
EUVDB-ID: #VU61211
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-24448
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to missing initialization of a resource in fs/nfs/dir.c in the Linux kernel. If an application sets the O_DIRECTORY flag and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-lowlatency (Ubuntu package): before 5.4.0.109.113
linux-image-5.4.0-1072-aws (Ubuntu package): before 5.4.0-1072.77
linux-image-generic-lpae (Ubuntu package): before 5.4.0.109.113
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1070.70
linux-image-kvm (Ubuntu package): before 5.4.0.1062.61
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1068.78
linux-image-raspi (Ubuntu package): before 5.4.0.1059.93
linux-image-5.4.0-109-generic (Ubuntu package): before 5.4.0-109.123~18.04.1
linux-image-5.4.0-1039-gkeop (Ubuntu package): before 5.4.0-1039.40~18.04.1
linux-image-5.4.0-1072-gcp (Ubuntu package): before 5.4.0-1072.77~18.04.1
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1072.80
linux-image-5.4.0-109-lowlatency (Ubuntu package): before 5.4.0-109.123~18.04.1
linux-image-raspi2 (Ubuntu package): before 5.4.0.1059.93
linux-image-5.4.0-1020-ibm (Ubuntu package): before 5.4.0-1020.22~18.04.1
linux-image-5.4.0-1070-oracle (Ubuntu package): before 5.4.0-1070.76~18.04.1
linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1072.74
linux-image-5.4.0-1076-azure-fde (Ubuntu package): before 5.4.0-1076.79+cvm1.1
linux-image-ibm (Ubuntu package): before 5.4.0.1020.37
linux-image-gke (Ubuntu package): before 5.4.0.1068.78
linux-image-5.4.0-1077-azure (Ubuntu package): before 5.4.0-1077.80~18.04.1
linux-image-azure-fde (Ubuntu package): before 5.4.0.1076.79+cvm1.21
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1039.42
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1077.75
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1020.20
linux-image-5.4.0-1068-gke (Ubuntu package): before 5.4.0-1068.71~18.04.1
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-5.4.0-1059-raspi (Ubuntu package): before 5.4.0-1059.67
linux-image-oem (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-generic (Ubuntu package): before 5.4.0.109.113
linux-image-virtual (Ubuntu package): before 5.4.0.109.113
linux-image-gkeop (Ubuntu package): before 5.4.0.1039.42
linux-image-5.4.0-109-generic-lpae (Ubuntu package): before 5.4.0-109.123~18.04.1
linux-image-5.4.0-1062-kvm (Ubuntu package): before 5.4.0-1062.65
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1059.60
linux-image-oracle (Ubuntu package): before 5.4.0.1070.76~18.04.49
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-gcp (Ubuntu package): before 5.4.0.1072.56
linux-image-azure (Ubuntu package): before 5.4.0.1077.56
External links
http://ubuntu.com/security/notices/USN-5384-1
EUVDB-ID: #VU62482
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-24959
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak in the yam_siocdevprivate() function in drivers/net/hamradio/yam.c. A local user can perform a denial of service attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 18.04 - 20.04
linux-image-lowlatency (Ubuntu package): before 5.4.0.109.113
linux-image-5.4.0-1072-aws (Ubuntu package): before 5.4.0-1072.77
linux-image-generic-lpae (Ubuntu package): before 5.4.0.109.113
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1070.70
linux-image-kvm (Ubuntu package): before 5.4.0.1062.61
linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1068.78
linux-image-raspi (Ubuntu package): before 5.4.0.1059.93
linux-image-5.4.0-109-generic (Ubuntu package): before 5.4.0-109.123~18.04.1
linux-image-5.4.0-1039-gkeop (Ubuntu package): before 5.4.0-1039.40~18.04.1
linux-image-5.4.0-1072-gcp (Ubuntu package): before 5.4.0-1072.77~18.04.1
linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1072.80
linux-image-5.4.0-109-lowlatency (Ubuntu package): before 5.4.0-109.123~18.04.1
linux-image-raspi2 (Ubuntu package): before 5.4.0.1059.93
linux-image-5.4.0-1020-ibm (Ubuntu package): before 5.4.0-1020.22~18.04.1
linux-image-5.4.0-1070-oracle (Ubuntu package): before 5.4.0-1070.76~18.04.1
linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1072.74
linux-image-5.4.0-1076-azure-fde (Ubuntu package): before 5.4.0-1076.79+cvm1.1
linux-image-ibm (Ubuntu package): before 5.4.0.1020.37
linux-image-gke (Ubuntu package): before 5.4.0.1068.78
linux-image-5.4.0-1077-azure (Ubuntu package): before 5.4.0-1077.80~18.04.1
linux-image-azure-fde (Ubuntu package): before 5.4.0.1076.79+cvm1.21
linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1039.42
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1077.75
linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1020.20
linux-image-5.4.0-1068-gke (Ubuntu package): before 5.4.0-1068.71~18.04.1
linux-image-oem-osp1 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-5.4.0-1059-raspi (Ubuntu package): before 5.4.0-1059.67
linux-image-oem (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-generic (Ubuntu package): before 5.4.0.109.113
linux-image-virtual (Ubuntu package): before 5.4.0.109.113
linux-image-gkeop (Ubuntu package): before 5.4.0.1039.42
linux-image-5.4.0-109-generic-lpae (Ubuntu package): before 5.4.0-109.123~18.04.1
linux-image-5.4.0-1062-kvm (Ubuntu package): before 5.4.0-1062.65
linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1059.60
linux-image-oracle (Ubuntu package): before 5.4.0.1070.76~18.04.49
linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.109.123~18.04.94
linux-image-gcp (Ubuntu package): before 5.4.0.1072.56
linux-image-azure (Ubuntu package): before 5.4.0.1077.56
External links
http://ubuntu.com/security/notices/USN-5384-1