SB2022071352 - Ubuntu update for linux

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Security restrictions bypass (CVE-ID: CVE-2021-4197)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing permissions checks within the cgroups (control groups) functionality of Linux Kernel when writing into a file descriptor. A local low privileged process can trick a higher privileged parent process into writing arbitrary data into files, which can result in denial of service or privileges escalation.

2) Use-after-free (CVE-ID: CVE-2022-1011)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the write() function of FUSE filesystem. A local user can retireve (partial) /etc/shadow hashes and execute arbitrary code with elevated privileges.

3) Use-after-free (CVE-ID: CVE-2022-1198)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the drivers/net/hamradio/6pack.c. A local user can perform a denial of service (DoS) attack by simulating Amateur Radio.

4) NULL pointer dereference (CVE-ID: CVE-2022-1199)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a Null pointer dereference and use after free errors in the ax25_release() function. A local user can simulate Amateur Radio and perform a denial of service (DoS) attack.

5) Use-after-free (CVE-ID: CVE-2022-1204)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel’s Amateur Radio AX.25 protocol functionality when user connects with the protocol. A local user can trigger use-after-free error to perform a denial of service attack or escalate privileges on the system.

6) NULL pointer dereference (CVE-ID: CVE-2022-1205)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a null pointer dereference and use after free errors in the net/ax25/ax25_timer.c. A local user can simulate Amateur Radio and perform a denial of service (DoS) attack.

7) Information disclosure (CVE-ID: CVE-2022-1353)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the pfkey_register function in net/key/af_key.c in the Linux kernel. A local user can gain unauthorized access to kernel memory, leading to a system crash or a leak of internal kernel information.

8) NULL pointer dereference (CVE-ID: CVE-2022-1516)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference error in the Linux kernel’s X.25 set of standardized network protocols functionality. A local user can terminate session using a simulated Ethernet card and perform a denial of service (DoS) attack.

9) Out-of-bounds read (CVE-ID: CVE-2022-2380)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the Linux kernel framebuffer within the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. A local user can trigger ab out-of-bounds read error and crash the system.

10) Double Free (CVE-ID: CVE-2022-28389)

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to boundary error in mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-5515-1