SB2022042148 - Ubuntu update for linux

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2022-0617)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system functionality. A local user can supply a malicious UDF image to the udf_file_write_iter() function and perform a denial of service (DoS) attack.

2) Missing initialization of resource (CVE-ID: CVE-2022-24448)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to missing initialization of resource within the fs/nfs/dir.c in the Linux kernel. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.

3) Memory leak (CVE-ID: CVE-2022-24959)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the yam_siocdevprivate() function in drivers/net/hamradio/yam.c. A local user can perform a denial of service attack.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-5384-1