First published: Thu May 12 2022(Updated: )
Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-26401) It was discovered that the MMC/SD subsystem in the Linux kernel did not properly handle read errors from SD cards in certain situations. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-20008) It was discovered that the USB gadget subsystem in the Linux kernel did not properly validate interface descriptor requests. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-25258) It was discovered that the Remote NDIS (RNDIS) USB gadget implementation in the Linux kernel did not properly validate the size of the RNDIS_MSG_SET command. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-25375) It was discovered that the ST21NFCA NFC driver in the Linux kernel did not properly validate the size of certain data in EVT_TRANSACTION events. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-26490) It was discovered that the USB SR9700 ethernet device driver for the Linux kernel did not properly validate the length of requests from the device. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-26966) It was discovered that the Xilinx USB2 device gadget driver in the Linux kernel did not properly validate endpoint indices from the host. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-27223) Miaoqian Lin discovered that the RDMA Transport (RTRS) client implementation in the Linux kernel contained a double-free when handling certain error conditions. An attacker could use this to cause a denial of service (system crash). (CVE-2022-29156)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/linux-image-virtual | <5.13.0.41.50 | 5.13.0.41.50 |
=21.10 | ||
All of | ||
ubuntu/linux-image-5.13.0-41-generic | <5.13.0-41.46 | 5.13.0-41.46 |
=21.10 | ||
All of | ||
ubuntu/linux-image-generic-64k | <5.13.0.41.50 | 5.13.0.41.50 |
=21.10 | ||
All of | ||
ubuntu/linux-image-generic | <5.13.0.41.50 | 5.13.0.41.50 |
=21.10 | ||
All of | ||
ubuntu/linux-image-aws | <5.13.0.1023.24 | 5.13.0.1023.24 |
=21.10 | ||
All of | ||
ubuntu/linux-image-5.13.0-1025-gcp | <5.13.0-1025.30 | 5.13.0-1025.30 |
=21.10 | ||
All of | ||
ubuntu/linux-image-5.13.0-1026-raspi | <5.13.0-1026.28 | 5.13.0-1026.28 |
=21.10 | ||
All of | ||
ubuntu/linux-image-5.13.0-1026-raspi-nolpae | <5.13.0-1026.28 | 5.13.0-1026.28 |
=21.10 | ||
All of | ||
ubuntu/linux-image-5.13.0-41-generic-64k | <5.13.0-41.46 | 5.13.0-41.46 |
=21.10 | ||
All of | ||
ubuntu/linux-image-azure | <5.13.0.1023.23 | 5.13.0.1023.23 |
=21.10 | ||
All of | ||
ubuntu/linux-image-raspi-nolpae | <5.13.0.1026.31 | 5.13.0.1026.31 |
=21.10 | ||
All of | ||
ubuntu/linux-image-5.13.0-1023-aws | <5.13.0-1023.25 | 5.13.0-1023.25 |
=21.10 | ||
All of | ||
ubuntu/linux-image-oem-20.04 | <5.13.0.41.50 | 5.13.0.41.50 |
=21.10 | ||
All of | ||
ubuntu/linux-image-5.13.0-1023-azure | <5.13.0-1023.27 | 5.13.0-1023.27 |
=21.10 | ||
All of | ||
ubuntu/linux-image-gke | <5.13.0.1025.23 | 5.13.0.1025.23 |
=21.10 | ||
All of | ||
ubuntu/linux-image-5.13.0-41-lowlatency | <5.13.0-41.46 | 5.13.0-41.46 |
=21.10 | ||
All of | ||
ubuntu/linux-image-5.13.0-41-generic-lpae | <5.13.0-41.46 | 5.13.0-41.46 |
=21.10 | ||
All of | ||
ubuntu/linux-image-gcp | <5.13.0.1025.23 | 5.13.0.1025.23 |
=21.10 | ||
All of | ||
ubuntu/linux-image-oracle | <5.13.0.1028.28 | 5.13.0.1028.28 |
=21.10 | ||
All of | ||
ubuntu/linux-image-5.13.0-1022-kvm | <5.13.0-1022.23 | 5.13.0-1022.23 |
=21.10 | ||
All of | ||
ubuntu/linux-image-raspi | <5.13.0.1026.31 | 5.13.0.1026.31 |
=21.10 | ||
All of | ||
ubuntu/linux-image-kvm | <5.13.0.1022.22 | 5.13.0.1022.22 |
=21.10 | ||
All of | ||
ubuntu/linux-image-5.13.0-1028-oracle | <5.13.0-1028.33 | 5.13.0-1028.33 |
=21.10 | ||
All of | ||
ubuntu/linux-image-generic-lpae | <5.13.0.41.50 | 5.13.0.41.50 |
=21.10 | ||
All of | ||
ubuntu/linux-image-lowlatency | <5.13.0.41.50 | 5.13.0.41.50 |
=21.10 | ||
All of | ||
ubuntu/linux-image-5.13.0-41-generic | <5.13.0-41.46~20.04.1 | 5.13.0-41.46~20.04.1 |
=20.04 | ||
All of | ||
ubuntu/linux-image-aws | <5.13.0.1023.25~20.04.16 | 5.13.0.1023.25~20.04.16 |
=20.04 | ||
All of | ||
ubuntu/linux-image-lowlatency-hwe-20.04 | <5.13.0.41.46~20.04.26 | 5.13.0.41.46~20.04.26 |
=20.04 | ||
All of | ||
ubuntu/linux-image-generic-hwe-20.04 | <5.13.0.41.46~20.04.26 | 5.13.0.41.46~20.04.26 |
=20.04 | ||
All of | ||
ubuntu/linux-image-5.13.0-41-generic-64k | <5.13.0-41.46~20.04.1 | 5.13.0-41.46~20.04.1 |
=20.04 | ||
All of | ||
ubuntu/linux-image-5.13.0-1023-azure | <5.13.0-1023.27~20.04.1 | 5.13.0-1023.27~20.04.1 |
=20.04 | ||
All of | ||
ubuntu/linux-image-azure | <5.13.0.1023.27~20.04.12 | 5.13.0.1023.27~20.04.12 |
=20.04 | ||
All of | ||
ubuntu/linux-image-5.13.0-1023-aws | <5.13.0-1023.25~20.04.1 | 5.13.0-1023.25~20.04.1 |
=20.04 | ||
All of | ||
ubuntu/linux-image-5.13.0-41-generic-lpae | <5.13.0-41.46~20.04.1 | 5.13.0-41.46~20.04.1 |
=20.04 | ||
All of | ||
ubuntu/linux-image-gcp | <5.13.0.1025.30~20.04.1 | 5.13.0.1025.30~20.04.1 |
=20.04 | ||
All of | ||
ubuntu/linux-image-virtual-hwe-20.04 | <5.13.0.41.46~20.04.26 | 5.13.0.41.46~20.04.26 |
=20.04 | ||
All of | ||
ubuntu/linux-image-generic-lpae-hwe-20.04 | <5.13.0.41.46~20.04.26 | 5.13.0.41.46~20.04.26 |
=20.04 | ||
All of | ||
ubuntu/linux-image-5.13.0-1025-gcp | <5.13.0-1025.30~20.04.1 | 5.13.0-1025.30~20.04.1 |
=20.04 | ||
All of | ||
ubuntu/linux-image-generic-64k-hwe-20.04 | <5.13.0.41.46~20.04.26 | 5.13.0.41.46~20.04.26 |
=20.04 | ||
All of | ||
ubuntu/linux-image-5.13.0-41-lowlatency | <5.13.0-41.46~20.04.1 | 5.13.0-41.46~20.04.1 |
=20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)