SB2022082446 - Ubuntu update for linux-aws

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2021-33655)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in FBIOPUT_VSCREENINFO IOCTL. A local user can trigger an out-of-bounds write error and execute arbitrary code with elevated privileges.

2) Out-of-bounds write (CVE-ID: CVE-2021-33656)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when setting font with malicous data by ioctl cmd PIO_FONT. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

3) Out-of-bounds read (CVE-ID: CVE-2022-20368)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the packet_recvmsg() function in Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.

4) Input validation error (CVE-ID: CVE-2022-36946)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the nfqnl_mangle() function in net/netfilter/nfnetlink_queue.c in the Linux kernel when processing IPv6 packets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-5580-1