Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5468-1

Ubuntu Security Notice 5468-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Packet Storm
#vulnerability#web#google#microsoft#amazon#ubuntu#linux#dos#oracle#intel#perl#aws
=========================================================================Ubuntu Security Notice USN-5468-1June 08, 2022linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13,linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-intel-5.13, linux-kvm,linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 21.10- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.13: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.13: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.13: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.13: Linux hardware enablement (HWE) kernel- linux-intel-5.13: Linux kernel for Intel IOTG- linux-oracle-5.13: Linux kernel for Oracle Cloud systemsDetails:It was discovered that the Linux kernel did not properly restrict access tothe kernel debugger when booted in secure boot environments. A privilegedattacker could use this to bypass UEFI Secure Boot restrictions.(CVE-2022-21499)Aaron Adams discovered that the netfilter subsystem in the Linux kernel didnot properly handle the removal of stateful expressions in some situations,leading to a use-after-free vulnerability. A local attacker could use thisto cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-1966)Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVMimplementation in the Linux kernel did not properly perform guest pagetable updates in some situations. An attacker in a guest vm could possiblyuse this to crash the host OS. (CVE-2022-1158)Ziming Zhang discovered that the netfilter subsystem in the Linux kerneldid not properly validate sets with multiple ranged fields. A localattacker could use this to cause a denial of service or execute arbitrarycode. (CVE-2022-1972)It was discovered that the USB Gadget file system interface in the Linuxkernel contained a use-after-free vulnerability. A local attacker could usethis to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2022-24958)It was discovered that the EMS CAN/USB interface implementation in theLinux kernel contained a double-free vulnerability when handling certainerror conditions. A local attacker could use this to cause a denial ofservice (memory exhaustion). (CVE-2022-28390)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 21.10:  linux-image-5.13.0-1027-kvm     5.13.0-1027.29  linux-image-5.13.0-1028-aws     5.13.0-1028.31  linux-image-5.13.0-1028-azure   5.13.0-1028.33  linux-image-5.13.0-1030-gcp     5.13.0-1030.36  linux-image-5.13.0-1031-raspi   5.13.0-1031.34  linux-image-5.13.0-1031-raspi-nolpae  5.13.0-1031.34  linux-image-5.13.0-1033-oracle  5.13.0-1033.39  linux-image-5.13.0-48-generic   5.13.0-48.54  linux-image-5.13.0-48-generic-64k  5.13.0-48.54  linux-image-5.13.0-48-generic-lpae  5.13.0-48.54  linux-image-5.13.0-48-lowlatency  5.13.0-48.54  linux-image-aws                 5.13.0.1028.28  linux-image-azure               5.13.0.1028.27  linux-image-gcp                 5.13.0.1030.27  linux-image-generic             5.13.0.48.56  linux-image-generic-64k         5.13.0.48.56  linux-image-generic-lpae        5.13.0.48.56  linux-image-gke                 5.13.0.1030.27  linux-image-kvm                 5.13.0.1027.26  linux-image-lowlatency          5.13.0.48.56  linux-image-oem-20.04           5.13.0.48.56  linux-image-oracle              5.13.0.1033.32  linux-image-raspi               5.13.0.1031.35  linux-image-raspi-nolpae        5.13.0.1031.35  linux-image-virtual             5.13.0.48.56Ubuntu 20.04 LTS:  linux-image-5.13.0-1014-intel   5.13.0-1014.15  linux-image-5.13.0-1028-aws     5.13.0-1028.31~20.04.1  linux-image-5.13.0-1028-azure   5.13.0-1028.33~20.04.1  linux-image-5.13.0-1030-gcp     5.13.0-1030.36~20.04.1  linux-image-5.13.0-1033-oracle  5.13.0-1033.39~20.04.1  linux-image-5.13.0-48-generic   5.13.0-48.54~20.04.1  linux-image-5.13.0-48-generic-64k  5.13.0-48.54~20.04.1  linux-image-5.13.0-48-generic-lpae  5.13.0-48.54~20.04.1  linux-image-5.13.0-48-lowlatency  5.13.0-48.54~20.04.1  linux-image-aws                 5.13.0.1028.31~20.04.22  linux-image-azure               5.13.0.1028.33~20.04.17  linux-image-gcp                 5.13.0.1030.36~20.04.1  linux-image-generic-64k-hwe-20.04  5.13.0.48.54~20.04.30  linux-image-generic-hwe-20.04   5.13.0.48.54~20.04.30  linux-image-generic-lpae-hwe-20.04  5.13.0.48.54~20.04.30  linux-image-intel               5.13.0.1014.14  linux-image-lowlatency-hwe-20.04  5.13.0.48.54~20.04.30  linux-image-oracle              5.13.0.1033.39~20.04.1  linux-image-virtual-hwe-20.04   5.13.0.48.54~20.04.30After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-5468-1  CVE-2022-1158, CVE-2022-1966, CVE-2022-1972, CVE-2022-21499,  CVE-2022-24958, CVE-2022-28390Package Information:  https://launchpad.net/ubuntu/+source/linux/5.13.0-48.54  https://launchpad.net/ubuntu/+source/linux-aws/5.13.0-1028.31  https://launchpad.net/ubuntu/+source/linux-azure/5.13.0-1028.33  https://launchpad.net/ubuntu/+source/linux-gcp/5.13.0-1030.36  https://launchpad.net/ubuntu/+source/linux-kvm/5.13.0-1027.29  https://launchpad.net/ubuntu/+source/linux-oracle/5.13.0-1033.39  https://launchpad.net/ubuntu/+source/linux-raspi/5.13.0-1031.34  https://launchpad.net/ubuntu/+source/linux-aws-5.13/5.13.0-1028.31~20.04.1  https://launchpad.net/ubuntu/+source/linux-azure-5.13/5.13.0-1028.33~20.04.1  https://launchpad.net/ubuntu/+source/linux-gcp-5.13/5.13.0-1030.36~20.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-5.13/5.13.0-48.54~20.04.1  https://launchpad.net/ubuntu/+source/linux-intel-5.13/5.13.0-1014.15  https://launchpad.net/ubuntu/+source/linux-oracle-5.13/5.13.0-1033.39~20.04.1

Related news

Red Hat Security Advisory 2024-0724-03

Red Hat Security Advisory 2024-0724-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, privilege escalation, and use-after-free vulnerabilities.

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

CVE-2021-46868: January

The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2022-20544: Pixel Update Bulletin—December2022  |  Android Open Source Project

In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070

Red Hat Security Advisory 2022-9082-01

Red Hat Security Advisory 2022-9082-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, out of bounds write, and privilege escalation vulnerabilities.

RHSA-2022:9082: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() * CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation * CVE-2022-43945: kernel: nfsd buffer overflow by RP...

RHSA-2022:9040: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-41912: crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements

Red Hat Security Advisory 2022-8941-01

Red Hat Security Advisory 2022-8941-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an out of bounds write vulnerability.

RHSA-2022:8973: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() * CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation * CVE-2022-21123: hw: cpu: incomplete clean-up of multi-co...

RHSA-2022:8989: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

RHSA-2022:8941: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

Red Hat Security Advisory 2022-8889-01

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-8781-01

Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.

RHSA-2022:8781: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Logging Subsystem 5.5.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-32189: golang: math/b...

Red Hat Security Advisory 2022-8831-01

Red Hat Security Advisory 2022-8831-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2022-8809-01

Red Hat Security Advisory 2022-8809-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

RHSA-2022:8831: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

RHSA-2022:8809: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

Red Hat Security Advisory 2022-8673-01

Red Hat Security Advisory 2022-8673-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Red Hat Security Advisory 2022-8686-01

Red Hat Security Advisory 2022-8686-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Red Hat Security Advisory 2022-8685-01

Red Hat Security Advisory 2022-8685-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a memory leak vulnerability.

RHSA-2022:8685: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region

RHSA-2022:8673: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region

RHSA-2022:8686: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region

Red Hat Security Advisory 2022-7933-01

Red Hat Security Advisory 2022-7933-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, denial of service, double free, information leakage, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

RHSA-2022:8267: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2022-0168: kernel: smb2_ioctl_query_info NULL pointer dereference * CVE-2022-0617: kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback * CVE-2022-0854: ...

RHSA-2022:7933: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2022-0168: kernel: smb2_ioctl_query_info NULL pointer dereference * CVE-2022-0617: kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback * CVE-2022-085...

RHSA-2022:7683: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2020-36558: kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2021-30002: kernel: memory leak for large arguments...

RHSA-2022:7444: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2020-36558: kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2021-30002: kernel: memory leak for large argume...

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

Kernel Live Patch Security Notice LSN-0089-1

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. Various other vulnerabilities were also discovered.

CVE-2022-1158: Invalid Bug ID

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.

Ubuntu Security Notice USN-5513-1

Ubuntu Security Notice 5513-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2021-40012: July

Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality.

Ubuntu Security Notice USN-5505-1

Ubuntu Security Notice 5505-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2022-5439-01

Red Hat Security Advisory 2022-5439-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow, privilege escalation, and use-after-free vulnerabilities.

RHSA-2022:5476: Red Hat Security Advisory: kpatch-patch security update

An update is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root * CVE-2022-27666: kernel: buffer overflow in IPsec ESP transformation code

Red Hat Security Advisory 2022-5232-01

Red Hat Security Advisory 2022-5232-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-5220-01

Red Hat Security Advisory 2022-5220-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, information leakage, memory leak, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-5214-01

Red Hat Security Advisory 2022-5214-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-5224-01

Red Hat Security Advisory 2022-5224-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-5236-01

Red Hat Security Advisory 2022-5236-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2022:5232: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1729: kernel: race condition in perf_event_open leads to privilege escalation * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

RHSA-2022:5216: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

RHSA-2022:5267: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1012: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak * CVE-2022-1729: kernel: race condition in perf_event_open leads to privilege escalation * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root * CVE-2022-27666: kernel: buffer ov...

RHSA-2022:5236: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1729: kernel: race condition in perf_event_open leads to privilege escalation * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

RHSA-2022:5224: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-29368: kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check * CVE-2022-1012: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak * CVE-2022-1729: kernel: race condition in perf_event_open leads to p...

RHSA-2022:5214: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1012: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root * CVE-2022-27666: kernel: buffer overflow in IPsec ESP transformation code

Kernel Live Patch Security Notice LSN-0087-1

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5484-1

Ubuntu Security Notice 5484-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-20137: Android Security Bulletin—June 2022  |  Android Open Source Project

In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-206986392

CVE-2022-21499: git/torvalds/linux.git - Linux kernel source tree

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).

Ubuntu Security Notice USN-5471-1

Ubuntu Security Notice 5471-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5471-1

Ubuntu Security Notice 5471-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5471-1

Ubuntu Security Notice 5471-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5469-1

Ubuntu Security Notice 5469-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5469-1

Ubuntu Security Notice 5469-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5469-1

Ubuntu Security Notice 5469-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5469-1

Ubuntu Security Notice 5469-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5469-1

Ubuntu Security Notice 5469-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5467-1

Ubuntu Security Notice 5467-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5466-1

Ubuntu Security Notice 5466-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5465-1

Ubuntu Security Notice 5465-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

CVE-2022-1966

A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue.

Kernel Live Patch Security Notice LSN-0086-1

It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.

Ubuntu Security Notice USN-5418-1

Ubuntu Security Notice 5418-1 - Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest.

Ubuntu Security Notice USN-5416-1

Ubuntu Security Notice 5416-1 - Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest vm could possibly use this to crash the host OS. It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-5416-1

Ubuntu Security Notice 5416-1 - Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest vm could possibly use this to crash the host OS. It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-5413-1

Ubuntu Security Notice 5413-1 - Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-28390: can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in err… · torvalds/linux@c702227

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution