This security bulletin contains information about 13 vulnerabilities.
EUVDB-ID: #VU61566
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-26401
CWE-ID: CWE-200 - Information Exposure
Exploit availability: No
Description: The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within LFENCE/JMP. A local user can gain unauthorized access to sensitive information on the system.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1
EUVDB-ID: #VU63305
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-23036
Exploit availability: No
Description: The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the blkfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1
EUVDB-ID: #VU63306
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-23037
Exploit availability: No
Description: The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the netfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1
EUVDB-ID: #VU63307
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-23038
Exploit availability: No
Description: The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the scsifront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1
EUVDB-ID: #VU63308
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-23039
Exploit availability: No
Description: The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the gntalloc ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1
EUVDB-ID: #VU63309
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-23040
Exploit availability: No
Description: The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the xenbus ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1
EUVDB-ID: #VU63311
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-23042
CWE-ID: CWE-617 - Reachable Assertion
Exploit availability: No
Description: The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a reachable assertion in the netfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1
EUVDB-ID: #VU63315
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-24958
CWE-ID: CWE-763 - Release of invalid pointer or reference
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a release of illegal memory in drivers/usb/gadget/legacy/inode.c. A remote attacker can send specially crafted data and perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1
EUVDB-ID: #VU61270
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-25258
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/usb/gadget/composite.c in the Linux kernel. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). A local user can run a specially crafted program to trigger memory corruption and perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1
EUVDB-ID: #VU61269
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-25375
CWE-ID: CWE-668 - Exposure of resource to wrong sphere
Exploit availability: Yes
Description: The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in drivers/usb/gadget/function/rndis.c in the Linux kernel. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. A local user can run a specially crafted program to gain access to kernel memory.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1
EUVDB-ID: #VU62601
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-26490
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the st21nfca_connectivity_event_received() function in drivers/nfc/st21nfca/se.c in the Linux kernel. A local user can run a specially crafted program to trigger a buffer overflow and execute arbitrary code with elevated privileges.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1
EUVDB-ID: #VU63318
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-26966
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in drivers/net/usb/sr9700.c in the Linux kernel. A remote attacker can pass specially crafted data and obtain sensitive information from heap memory.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1
EUVDB-ID: #VU63316
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-27223
CWE-ID: CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code with elevated privileges.
The vulnerability exists due to improper validation of an array index in drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel. A remote attacker can send specially crafted data to the system and execute arbitrary code with elevated privileges.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 18.04, 16.04, 14.04
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-virtual (Ubuntu package): before 4.15.0.177.166
linux-image-snapdragon (Ubuntu package): before 4.15.0.1127.130
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1093.103
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-lowlatency (Ubuntu package): before 4.15.0.177.166
linux-image-kvm (Ubuntu package): before 4.15.0.1114.110
linux-image-generic-lpae (Ubuntu package): before 4.15.0.177.166
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.177.166
linux-image-generic (Ubuntu package): before 4.15.0.177.166
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1122.141
linux-image-dell300x (Ubuntu package): before 4.15.0.1042.44
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1138.111
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1128.131
linux-image-4.15.0-177-lowlatency (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic-lpae (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-177-generic (Ubuntu package): before 4.15.0-177.186
linux-image-4.15.0-1138-azure (Ubuntu package): before 4.15.0-1138.151
linux-image-4.15.0-1128-aws (Ubuntu package): before 4.15.0-1128.137
linux-image-4.15.0-1127-snapdragon (Ubuntu package): before 4.15.0-1127.136
linux-image-4.15.0-1122-gcp (Ubuntu package): before 4.15.0-1122.136
linux-image-4.15.0-1114-kvm (Ubuntu package): before 4.15.0-1114.117
linux-image-4.15.0-1093-oracle (Ubuntu package): before 4.15.0-1093.102
linux-image-4.15.0-1042-dell300x (Ubuntu package): before 4.15.0-1042.47
linux-image-oracle (Ubuntu package): before 5.4.0.1071.77~18.04.50
linux-image-oem (Ubuntu package): before 5.4.0.110.124~18.04.95
linux-image-gcp (Ubuntu package): before 5.4.0.1073.57
linux-image-azure (Ubuntu package): before 5.4.0.1078.57
linux-image-gke (Ubuntu package): before 5.13.0.1024.22
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
http://ubuntu.com/security/notices/USN-5418-1