First published: Tue Feb 22 2022(Updated: )
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. (CVE-2022-0492) Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-43976) Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2021-44879) Samuel Page discovered that the Transparent Inter-Process Communication (TIPC) protocol implementation in the Linux kernel contained a stack-based buffer overflow. A remote attacker could use this to cause a denial of service (system crash) for systems that have a TIPC bearer configured. (CVE-2022-0435) Lyu Tao discovered that the NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-24448) It was discovered that the YAM AX.25 device driver in the Linux kernel did not properly deallocate memory in some error conditions. A local privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2022-24959)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/linux-image-oem-20.04c | <5.14.0.1024.22 | 5.14.0.1024.22 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/linux-image-oem-20.04b | <5.14.0.1024.22 | 5.14.0.1024.22 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/linux-image-oem-20.04 | <5.14.0.1024.22 | 5.14.0.1024.22 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/linux-image-5.14.0-1024-oem | <5.14.0-1024.26 | 5.14.0-1024.26 |
Ubuntu Ubuntu | =20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The severity of CVE-2022-0492 is high.
CVE-2022-0492 allows a local attacker to gain administrative privileges by exploiting a vulnerability in the cgroups implementation.
Ubuntu Linux version 20.04 is affected by CVE-2022-0492.
Update your Ubuntu Linux kernel to version 5.14.0.1024.22 or higher to fix the CVE-2022-0492 vulnerability.
You can find more information about CVE-2022-0492 on the Ubuntu Security website at https://ubuntu.com/security/CVE-2022-0492.