SB2022071420 - Ubuntu update for linux 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022071420

SB2022071420 - Ubuntu update for linux

Published: July 14, 2022

Security Bulletin ID SB2022071420
Severity
Low
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2022-0500)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in unrestricted eBPF usage by the BPF_BTF_LOAD in Linux kernel. A local user can trigger an out-of-bounds write error in BPF subsystem and execute arbitrary code with elevated privileges.


2) Use-after-free (CVE-ID: CVE-2022-1734)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations. A local user can trigger use-after-free to escalate privileges on the system.


3) NULL pointer dereference (CVE-ID: CVE-2022-1789)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference in kvm_mmu_invpcid_gva. A local attacker can trigger vulnerability to perform a denial of service (DoS) attack.


4) Use-after-free (CVE-ID: CVE-2022-1974)

The vulnerability allows a local privileged user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. A local attacker with CAP_NET_ADMIN privilege can leak kernel information and escalate privileges on the system.


5) Uncaught Exception (CVE-ID: CVE-2022-1975)

The vulnerability allows a remote attacker on the local network to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncaught exception error in the Linux kernel. A remote attacker on the local network can perform a denial of service (DoS) attack.


6) Use-after-free (CVE-ID: CVE-2022-33981)

The vulnerability allows a local user to perform denial of service attack.

The vulnerability exists due to a use-after-free error in drivers/block/floppy.c in the Linux kernel when deallocating raw_cmd in the raw_cmd_ioctl function(). A local user can trigger use-after-free and perform denial of service attack.


Remediation

Install update from vendor's website.

References