Headline
Ubuntu Security Notice USN-5759-1
Ubuntu Security Notice 5759-1 - It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.10. It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of service, or possibly execute arbitrary code.
=========================================================================
Ubuntu Security Notice USN-5759-1
December 05, 2022

libbpf vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in LibBPF.

Software Description:

- libbpf: eBPF helper library (development files)

Details:

It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.10. (CVE-2021-45940, CVE-2021-45941, CVE-2022-3533)

It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-3534, CVE-2022-3606)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  libbpf-dev 1:0.8.0-1ubuntu22.10.1

Ubuntu 22.04 LTS:
  libbpf-dev 1:0.5.0-1ubuntu22.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5759-1
  CVE-2021-45940, CVE-2021-45941, CVE-2022-3533, CVE-2022-3534, CVE-2022-3606

Package Information:
  https://launchpad.net/ubuntu/+source/libbpf/0.8.0-1ubuntu22.10.1
  https://launchpad.net/ubuntu/+source/libbpf/0.5.0-1ubuntu22.04.1
Related news
Ubuntu Security Notice 6215-1 - It was discovered that dwarves incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause dwarves to crash, resulting in a denial of service, or possibly execute arbitrary code.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
The kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres. 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked.
A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.
A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211031.
A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.