SB2023020963 - Ubuntu update for linux

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2022-3543)

The vulnerability allows a local user to perform a DoS attack.

The vulnerability exists due memory leak within the unix_sock_destructor/unix_release_sock() function in net/unix/af_unix.c. A local user can force the system to leak memory and perform denial of service attack.

2) Memory leak (CVE-ID: CVE-2022-3619)

The vulnerability allows an attacker to perform a DoS attack.

The vulnerability exists due memory leak within the l2cap_recv_acldata() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to device can force the system to leak memory and perform denial of service attack.

3) Race condition (CVE-ID: CVE-2022-3623)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the follow_page_pte() function in mm/gup.c. A local user can exploit the race and escalate privileges on the system.

4) Buffer overflow (CVE-ID: CVE-2022-3628)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the brcmf_fweh_event_worker() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c. A local user can use a specially crafted device to trigger memory corruption and escalate privileges on the system.

5) Use-after-free (CVE-ID: CVE-2022-3640)

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error in the 2cap_conn_del() function in net/bluetooth/l2cap_core.c in Linux kernel. An attacker with physical proximity to device can trigger a use-after-free error and execute arbitrary code on the system.

6) Race condition (CVE-ID: CVE-2022-41849)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in the drivers/video/fbdev/smscufx.c in the Linux kernel. An attacker with physical proximity to the system can remove the USB device while calling open(), cause a race condition between the ufx_ops_open and ufx_usb_disconnect and perform a denial of service (DoS) attack.

7) Race condition (CVE-ID: CVE-2022-41850)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the roccat_report_event() function in drivers/hid/hid-roccat.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.

8) Access of Uninitialized Pointer (CVE-ID: CVE-2022-42895)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to unauthorized access of uninitialized pointer within the l2cap_parse_conf_req() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to the affected device can gain access to sensitive information.

9) Out-of-bounds read (CVE-ID: CVE-2022-47940)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in smb2_write in fs/ksmbd/smb2pdu.c. A remote user can trigger an out-of-bounds read error and read contents of memory on the system.

10) Use-after-free (CVE-ID: CVE-2023-0590)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the qdisc_graft() function in net/sched/sch_api.c. A local user can trigger a use-after-free error and crash the kernel.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-5851-1