Ubuntu update for linux-azure



Published: 2022-12-12 | Updated: 2023-07-03
Risk Medium
Patch available YES
Number of vulnerabilities 16
CVE-ID CVE-2022-20422
CVE-2022-2153
CVE-2022-2978
CVE-2022-3028
CVE-2022-3239
CVE-2022-3524
CVE-2022-3564
CVE-2022-3565
CVE-2022-3566
CVE-2022-3567
CVE-2022-3594
CVE-2022-3621
CVE-2022-3635
CVE-2022-36879
CVE-2022-40768
CVE-2022-42703
CWE-ID CWE-787
CWE-476
CWE-416
CWE-362
CWE-401
CWE-119
CWE-532
CWE-399
CWE-284
Exploitation vector Network
Public exploit Public exploit code for vulnerability #16 is available.
Vulnerable software
Subscribe 		Ubuntu
Operating systems & Components / Operating system

linux-image-4.15.0-1157-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure-lts-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 16 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU67866

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20422

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within emulation_proc_handler() in armv8 emulation in arch/arm64/kernel/armv8_deprecated.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU64920

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2153

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s KVM when attempting to set a SynIC IRQ. A local user on the host can issue specific ioctl calls, causing a denial of service.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU67812

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2978

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel NILFS file system. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Race condition

EUVDB-ID: #VU67477

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3028

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU68337

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3239

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel video4linux driver in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU69756

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3524

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the ipv6_renew_options() function when retrieving a new IPv6 address from a malicious DHCP server. A remote attacker can force the system to leak memory and perform denial of service attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU69799

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3564

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the l2cap_reassemble_sdu() function in net/bluetooth/l2cap_core.c. An attacker with physical access to device can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU69709

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3565

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the del_timer() function in drivers/isdn/mISDN/l1oip_core.c in the Bluetooth component. An attacker with physical proximity to device can trigger memory corruption and execute arbitrary code on the target system.


Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Race condition

EUVDB-ID: #VU69810

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3566

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the tcp_getsockopt() and tcp_setsockopt() functions in net/ipv4/tcp.c, do_ipv6_setsockopt() function in net/ipv6/ipv6_sockglue.c, and tcp_v6_connect() function in net/ipv6/tcp_ipv6.c in Linux kernel. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Race condition

EUVDB-ID: #VU69811

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3567

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the inet6_stream_ops() and inet6_dgram_ops() functions. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU69707

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3594

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the intr_callback() function in drivers/net/usb/r8152.c can be forced to include excessive data info the log files. A local user can read the log files and gain access to sensitive data.

Note, the vulnerability can be triggered remotely.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU69300

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3621

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the nilfs2 filesystem driver within the nilfs_bmap_lookup_at_level() function in fs/nilfs2/inode.c in Linux kernel. A remote attacker can trick the victim into mounting a specially crafted image and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU69398

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3635

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the drivers/atm/idt77252.c in IPsec component of Linux kernel. A local user can trigger a use-after-free error and crash the kernel.


Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU66550

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-36879

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the xfrm_expand_policies() function in net/xfrm/xfrm_policy.c. A local user can cause the refcount to be dropped twice and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper access control

EUVDB-ID: #VU67587

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40768

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in the drivers/scsi/stex.c in the Linux kernel. A local user can obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU69297

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-42703

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the mm/rmap.c in the Linux kernel, related to leaf anon_vma double reuse. A local user can trigger a use-after-free error and crash the kernel.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-4.15.0-1157-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1157.125

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-5774-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###