Headline
Ubuntu Security Notice USN-5692-1
Ubuntu Security Notice 5692-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-5692-1October 19, 2022linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop,linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency,linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspivulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-lowlatency-hwe-5.15: Linux low latency kernel- linux-oem-5.14: Linux kernel for OEM systemsDetails:David Bouman and Billy Jheng Bing Jhong discovered that a race conditionexisted in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denialof service (system crash) or possibly execute arbitrary code.(CVE-2022-2602)Sönke Huster discovered that an integer overflow vulnerability existed inthe WiFi driver stack in the Linux kernel, leading to a buffer overflow. Aphysically proximate attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2022-41674)Sönke Huster discovered that a use-after-free vulnerability existed in theWiFi driver stack in the Linux kernel. A physically proximate attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2022-42719)Sönke Huster discovered that the WiFi driver stack in the Linux kernel didnot properly perform reference counting in some situations, leading to ause-after-free vulnerability. A physically proximate attacker could usethis to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2022-42720)Sönke Huster discovered that the WiFi driver stack in the Linux kernel didnot properly handle BSSID/SSID lists in some situations. A physicallyproximate attacker could use this to cause a denial of service (infiniteloop). (CVE-2022-42721)Sönke Huster discovered that the WiFi driver stack in the Linux kernelcontained a NULL pointer dereference vulnerability in certain situations. Aphysically proximate attacker could use this to cause a denial of service(system crash). (CVE-2022-42722)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS: linux-image-5.15.0-1007-gkeop 5.15.0-1007.10 linux-image-5.15.0-1017-ibm 5.15.0-1017.20 linux-image-5.15.0-1017-raspi 5.15.0-1017.19 linux-image-5.15.0-1017-raspi-nolpae 5.15.0-1017.19 linux-image-5.15.0-1019-gke 5.15.0-1019.23 linux-image-5.15.0-1020-kvm 5.15.0-1020.24 linux-image-5.15.0-1021-gcp 5.15.0-1021.28 linux-image-5.15.0-1021-oracle 5.15.0-1021.27 linux-image-5.15.0-1022-aws 5.15.0-1022.26 linux-image-5.15.0-1022-azure 5.15.0-1022.27 linux-image-5.15.0-52-generic 5.15.0-52.58 linux-image-5.15.0-52-generic-64k 5.15.0-52.58 linux-image-5.15.0-52-generic-lpae 5.15.0-52.58 linux-image-5.15.0-52-lowlatency 5.15.0-52.58 linux-image-5.15.0-52-lowlatency-64k 5.15.0-52.58 linux-image-aws 5.15.0.1022.22 linux-image-aws-lts-22.04 5.15.0.1022.22 linux-image-azure 5.15.0.1022.21 linux-image-azure-lts-22.04 5.15.0.1022.21 linux-image-gcp 5.15.0.1021.18 linux-image-generic 5.15.0.52.52 linux-image-generic-64k 5.15.0.52.52 linux-image-generic-64k-hwe-22.04 5.15.0.52.52 linux-image-generic-hwe-22.04 5.15.0.52.52 linux-image-generic-lpae 5.15.0.52.52 linux-image-generic-lpae-hwe-22.04 5.15.0.52.52 linux-image-gke 5.15.0.1019.20 linux-image-gke-5.15 5.15.0.1019.20 linux-image-gkeop 5.15.0.1007.8 linux-image-gkeop-5.15 5.15.0.1007.8 linux-image-ibm 5.15.0.1017.15 linux-image-kvm 5.15.0.1020.18 linux-image-lowlatency 5.15.0.52.47 linux-image-lowlatency-64k 5.15.0.52.47 linux-image-lowlatency-64k-hwe-22.04 5.15.0.52.47 linux-image-lowlatency-hwe-22.04 5.15.0.52.47 linux-image-oracle 5.15.0.1021.18 linux-image-raspi 5.15.0.1017.16 linux-image-raspi-nolpae 5.15.0.1017.16 linux-image-virtual 5.15.0.52.52 linux-image-virtual-hwe-22.04 5.15.0.52.52Ubuntu 20.04 LTS: linux-image-5.14.0-1054-oem 5.14.0-1054.61 linux-image-5.15.0-1019-gke 5.15.0-1019.23~20.04.1 linux-image-5.15.0-1021-gcp 5.15.0-1021.28~20.04.1 linux-image-5.15.0-1022-aws 5.15.0-1022.26~20.04.1 linux-image-5.15.0-1022-azure 5.15.0-1022.27~20.04.1 linux-image-5.15.0-52-generic 5.15.0-52.58~20.04.1 linux-image-5.15.0-52-generic-64k 5.15.0-52.58~20.04.1 linux-image-5.15.0-52-generic-lpae 5.15.0-52.58~20.04.1 linux-image-5.15.0-52-lowlatency 5.15.0-52.58~20.04.1 linux-image-5.15.0-52-lowlatency-64k 5.15.0-52.58~20.04.1 linux-image-aws 5.15.0.1022.26~20.04.14 linux-image-azure 5.15.0.1022.27~20.04.15 linux-image-gcp 5.15.0.1021.28~20.04.1 linux-image-generic-64k-hwe-20.04 5.15.0.52.58~20.04.20 linux-image-generic-hwe-20.04 5.15.0.52.58~20.04.20 linux-image-generic-lpae-hwe-20.04 5.15.0.52.58~20.04.20 linux-image-gke-5.15 5.15.0.1019.23~20.04.1 linux-image-lowlatency-64k-hwe-20.04 5.15.0.52.58~20.04.18 linux-image-lowlatency-hwe-20.04 5.15.0.52.58~20.04.18 linux-image-oem-20.04 5.14.0.1054.52 linux-image-oem-20.04b 5.14.0.1054.52 linux-image-oem-20.04c 5.14.0.1054.52 linux-image-oem-20.04d 5.14.0.1054.52 linux-image-virtual-hwe-20.04 5.15.0.52.58~20.04.20After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References: https://ubuntu.com/security/notices/USN-5692-1 CVE-2022-2602, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722Package Information: https://launchpad.net/ubuntu/+source/linux/5.15.0-52.58 https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1022.26 https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1022.27 https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1021.28 https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1019.23 https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1007.10 https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1017.20 https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1020.24 https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-52.58 https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1021.27 https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1017.19 https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1022.26~20.04.1 https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1022.27~20.04.1 https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1021.28~20.04.1 https://launchpad.net/ubuntu/+source/linux-gke-5.15/5.15.0-1019.23~20.04.1 https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-52.58~20.04.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-52.58~20.04.1 https://launchpad.net/ubuntu/+source/linux-oem-5.14/5.14.0-1054.61Related news
Red Hat Security Advisory 2024-1188-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include code execution, denial of service, memory leak, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...
Red Hat Security Advisory 2023-2148-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, out of bounds read, privilege escalation, traversal, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-2458-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, out of bounds read, privilege escalation, traversal, and use-after-free vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user t...
It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Sonke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780
Categories: Android Categories: News Tags: 2023-01-01 Tags: 2023-01-05 Tags: Google Tags: Android Tags: CVE-2022-42719 Tags: CVE-2022-42720 Tags: CVE-2022-42721 Tags: mac80211 Tags: CVE-2022-41674 Tags: Qualcomm Tags: CVE-2022-22088 Google has published its first security bulletin of 2023 with details of vulnerabilities affecting Android devices. It includes fixes for 60 security issues. (Read more...) The post Google patches 60 vulnerabilities in first Android update of 2023 appeared first on Malwarebytes Labs.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.
Ubuntu Security Notice 5752-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5728-3 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
Ubuntu Security Notice 5728-2 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5728-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5708-1 - Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5700-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5693-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.
Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
In the Linux kernel 5.8 through 5.19.14, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.