SB2022111723 - Ubuntu update for linux

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022111723

SB2022111723 - Ubuntu update for linux

Published: November 17, 2022 Updated: June 7, 2024

Security Bulletin ID SB2022111723
Severity
High
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

High 8% Low 92%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2022-20422)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within emulation_proc_handler() in armv8 emulation in arch/arm64/kernel/armv8_deprecated.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


2) NULL pointer dereference (CVE-ID: CVE-2022-2153)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s KVM when attempting to set a SynIC IRQ. A local user on the host can issue specific ioctl calls, causing a denial of service.


3) Use-after-free (CVE-ID: CVE-2022-2978)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel NILFS file system. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


4) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-29901)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the way non-transparent sharing of branch predictor targets between contexts. A local user can exploit the vulnerability to gain access to sensitive information.


5) Race condition (CVE-ID: CVE-2022-3028)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. A local user can exploit the race and escalate privileges on the system.


6) Use-after-free (CVE-ID: CVE-2022-3625)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the devlink_param_set() and devlink_param_get() function in net/core/devlink.c in IPsec component of Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


7) Use-after-free (CVE-ID: CVE-2022-3635)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the drivers/atm/idt77252.c in IPsec component of Linux kernel. A local user can trigger a use-after-free error and crash the kernel.



8) Race condition (CVE-ID: CVE-2022-39188)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within include/asm-generic/tlb.h in the Linux kernel. A local user can exploit the race and escalate privileges on the system.

Note, this only occurs in situations with VM_PFNMAP VMAs.


9) Improper access control (CVE-ID: CVE-2022-40768)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in the drivers/scsi/stex.c in the Linux kernel. A local user can obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.


10) Use-after-free (CVE-ID: CVE-2022-41222)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error caused by a stale TLB in mm/mremap.c, because an rmap lock is not held during a PUD move. A local user can gain access to sensitive information.


11) Use-after-free (CVE-ID: CVE-2022-42703)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the mm/rmap.c in the Linux kernel, related to leaf anon_vma double reuse. A local user can trigger a use-after-free error and crash the kernel.


12) Use-after-free (CVE-ID: CVE-2022-42719)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the mac80211 stack in Linux kernel when parsing a multi-BSSID element. A remote attacker on the local network can send specially crafted WLAN frames to the affected system, trigger a use-after-free error and execute arbitrary code.


Remediation

Install update from vendor's website.

References