SB2022060825 - Ubuntu update for linux-oem-5.14

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022060825

SB2022060825 - Ubuntu update for linux-oem-5.14

Published: June 8, 2022 Updated: June 13, 2022

Security Bulletin ID SB2022060825
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2022-1836)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to use-after-free error in the drivers/block/floppy.c in the floppy driver module in the Linux kernel when working with raw_cmd_ioctl and seek_interrupt. A local user can trigger use-after-free to escalate privileges on the system.


2) Use-after-free (CVE-ID: CVE-2022-1966)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. A local user can trigger use-after-free error to escalate privileges on the system.


3) Out-of-bounds write (CVE-ID: CVE-2022-1972)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in the Linux kernel's netfilter subsystem. A local user can trigger out-of-bounds write to escalate privileges on the system.


4) Improper access control (CVE-ID: CVE-2022-21499)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions to the kernel debugger when booted in secure boot environments. A local privileged user can bypass UEFI Secure Boot restrictions.


Remediation

Install update from vendor's website.

References