SB2022042149 - Ubuntu update for linux

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022042149

SB2022042149 - Ubuntu update for linux

Published: April 21, 2022 Updated: September 8, 2023

Security Bulletin ID SB2022042149
Severity
Low
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Physical access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2021-43976)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c in Linux kernel. An attacker with physical access to the system can insert a specially crafted USB device and perform a denial of service (DoS) attack.


2) NULL pointer dereference (CVE-ID: CVE-2021-44879)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the gc_data_segment() function in fs/f2fs/gc.c. A local user can mount a specially crafted f2fs image, trigger a NULL pointer dereference and perform a denial of service (DoS) attack.


3) NULL pointer dereference (CVE-ID: CVE-2022-0617)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system functionality. A local user can supply a malicious UDF image to the udf_file_write_iter() function and perform a denial of service (DoS) attack.


4) Out-of-bounds write (CVE-ID: CVE-2022-1015)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the nft_validate_register_store and nft_validate_register_load in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. A local user can escalate privileges on the system.


5) Use-after-free (CVE-ID: CVE-2022-1016)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in net/netfilter/nf_tables_core.c:nft_do_chain in Linux kernel.. A local user can trigger a use-after-free error and gain access to sensitive information.


6) Missing initialization of resource (CVE-ID: CVE-2022-24448)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to missing initialization of resource within the fs/nfs/dir.c in the Linux kernel. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.


7) Memory leak (CVE-ID: CVE-2022-24959)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the yam_siocdevprivate() function in drivers/net/hamradio/yam.c. A local user can perform a denial of service attack.


8) Memory leak (CVE-ID: CVE-2022-26878)

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak within the drivers/bluetooth/virtio_bt.c file in the Linux kernel. A local user can trigger leak memory and perform denial of service attack.


Remediation

Install update from vendor's website.

References