Ubuntu update for linux-oem-5.17



Published: 2022-12-12 | Updated: 2023-07-03
Risk Medium
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2022-26365
CVE-2022-33743
CVE-2022-3524
CVE-2022-3564
CVE-2022-3566
CVE-2022-3567
CVE-2022-3594
CVE-2022-3621
CVE-2022-42703
CVE-2022-43945
CWE-ID CWE-200
CWE-399
CWE-401
CWE-416
CWE-362
CWE-532
CWE-476
CWE-119
Exploitation vector Network
Public exploit Public exploit code for vulnerability #9 is available.
Vulnerable software
Subscribe 		Ubuntu
Operating systems & Components / Operating system

linux-image-oem-22.04a (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.17.0-1024-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU65345

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26365

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package linux-oem-5.17 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04a (Ubuntu package): before 5.17.0.1024.22

linux-image-5.17.0-1024-oem (Ubuntu package): before 5.17.0-1024.25

linux-image-oem-22.04 (Ubuntu package): before 5.17.0.1024.22

External links

http://ubuntu.com/security/notices/USN-5773-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU65841

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33743

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a malicious network backend to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in eXpress Data Path support implementation in Xen, allowing Linux netfront to use freed SKBs. A malicious network backend can cause denial of service on the guest OS.


Mitigation

Update the affected package linux-oem-5.17 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04a (Ubuntu package): before 5.17.0.1024.22

linux-image-5.17.0-1024-oem (Ubuntu package): before 5.17.0-1024.25

linux-image-oem-22.04 (Ubuntu package): before 5.17.0.1024.22

External links

http://ubuntu.com/security/notices/USN-5773-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU69756

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3524

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the ipv6_renew_options() function when retrieving a new IPv6 address from a malicious DHCP server. A remote attacker can force the system to leak memory and perform denial of service attack.

Mitigation

Update the affected package linux-oem-5.17 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04a (Ubuntu package): before 5.17.0.1024.22

linux-image-5.17.0-1024-oem (Ubuntu package): before 5.17.0-1024.25

linux-image-oem-22.04 (Ubuntu package): before 5.17.0.1024.22

External links

http://ubuntu.com/security/notices/USN-5773-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU69799

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3564

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the l2cap_reassemble_sdu() function in net/bluetooth/l2cap_core.c. An attacker with physical access to device can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Update the affected package linux-oem-5.17 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04a (Ubuntu package): before 5.17.0.1024.22

linux-image-5.17.0-1024-oem (Ubuntu package): before 5.17.0-1024.25

linux-image-oem-22.04 (Ubuntu package): before 5.17.0.1024.22

External links

http://ubuntu.com/security/notices/USN-5773-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU69810

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3566

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the tcp_getsockopt() and tcp_setsockopt() functions in net/ipv4/tcp.c, do_ipv6_setsockopt() function in net/ipv6/ipv6_sockglue.c, and tcp_v6_connect() function in net/ipv6/tcp_ipv6.c in Linux kernel. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package linux-oem-5.17 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04a (Ubuntu package): before 5.17.0.1024.22

linux-image-5.17.0-1024-oem (Ubuntu package): before 5.17.0-1024.25

linux-image-oem-22.04 (Ubuntu package): before 5.17.0.1024.22

External links

http://ubuntu.com/security/notices/USN-5773-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Race condition

EUVDB-ID: #VU69811

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3567

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the inet6_stream_ops() and inet6_dgram_ops() functions. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package linux-oem-5.17 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04a (Ubuntu package): before 5.17.0.1024.22

linux-image-5.17.0-1024-oem (Ubuntu package): before 5.17.0-1024.25

linux-image-oem-22.04 (Ubuntu package): before 5.17.0.1024.22

External links

http://ubuntu.com/security/notices/USN-5773-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU69707

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3594

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the intr_callback() function in drivers/net/usb/r8152.c can be forced to include excessive data info the log files. A local user can read the log files and gain access to sensitive data.

Note, the vulnerability can be triggered remotely.

Mitigation

Update the affected package linux-oem-5.17 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04a (Ubuntu package): before 5.17.0.1024.22

linux-image-5.17.0-1024-oem (Ubuntu package): before 5.17.0-1024.25

linux-image-oem-22.04 (Ubuntu package): before 5.17.0.1024.22

External links

http://ubuntu.com/security/notices/USN-5773-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU69300

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3621

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the nilfs2 filesystem driver within the nilfs_bmap_lookup_at_level() function in fs/nilfs2/inode.c in Linux kernel. A remote attacker can trick the victim into mounting a specially crafted image and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-5.17 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04a (Ubuntu package): before 5.17.0.1024.22

linux-image-5.17.0-1024-oem (Ubuntu package): before 5.17.0-1024.25

linux-image-oem-22.04 (Ubuntu package): before 5.17.0.1024.22

External links

http://ubuntu.com/security/notices/USN-5773-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU69297

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-42703

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the mm/rmap.c in the Linux kernel, related to leaf anon_vma double reuse. A local user can trigger a use-after-free error and crash the kernel.

Mitigation

Update the affected package linux-oem-5.17 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04a (Ubuntu package): before 5.17.0.1024.22

linux-image-5.17.0-1024-oem (Ubuntu package): before 5.17.0-1024.25

linux-image-oem-22.04 (Ubuntu package): before 5.17.0.1024.22

External links

http://ubuntu.com/security/notices/USN-5773-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Buffer overflow

EUVDB-ID: #VU69766

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43945

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attacl.

The vulnerability exists due to a boundary error within the Linux kernel NFSD implementation. A remote attacker can send the RPC message over TCP with garbage data added at the end of the message, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-5.17 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04a (Ubuntu package): before 5.17.0.1024.22

linux-image-5.17.0-1024-oem (Ubuntu package): before 5.17.0-1024.25

linux-image-oem-22.04 (Ubuntu package): before 5.17.0.1024.22

External links

http://ubuntu.com/security/notices/USN-5773-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###