What is the vulnerability ID of this advisory?

The vulnerability ID of this advisory is USN-5539-1.

What is the severity of USN-5539-1?

The severity of USN-5539-1 is not mentioned in the advisory.

How does the vulnerability CVE-2022-1195 affect the Linux kernel?

The vulnerability CVE-2022-1195 in the Linux kernel can lead to a use-after-free vulnerability, potentially causing a denial of service (system crash).

Which versions of Ubuntu are affected by this vulnerability?

Ubuntu versions 20.04 and 18.04 are affected by this vulnerability.

How can I fix this vulnerability?

To fix this vulnerability, update the affected Linux kernel packages to the specified versions: 5.4.0-1042.47, 5.4.0.1042.41, 5.4.0.1084.63, 5.4.0-1078.84~18.04.1, 5.4.0.1078.84~18.04.40, or 5.4.0-1084.92~18.04.1 depending on the Ubuntu version.

Vulnerability/
USN-5539-1

CWE

416 362

28/7/2022

USN-5539-1: Linux kernel vulnerabilities

First published: Thu Jul 28 2022(Updated: )

It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1195) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2022-1789) It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388) Minh Yuan discovered that the floppy driver in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-33981)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-5.4.0-1042-bluefield	<5.4.0-1042.47	5.4.0-1042.47
	=20.04
All of
ubuntu/linux-image-bluefield	<5.4.0.1042.41	5.4.0.1042.41
	=20.04
All of
ubuntu/linux-image-gcp	<5.4.0.1084.63	5.4.0.1084.63
	=18.04
All of
ubuntu/linux-image-5.4.0-1078-gke	<5.4.0-1078.84~18.04.1	5.4.0-1078.84~18.04.1
	=18.04
All of
ubuntu/linux-image-gke-5.4	<5.4.0.1078.84~18.04.40	5.4.0.1078.84~18.04.40
	=18.04
All of
ubuntu/linux-image-5.4.0-1084-gcp	<5.4.0-1084.92~18.04.1	5.4.0-1084.92~18.04.1
	=18.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID of this advisory?
The vulnerability ID of this advisory is USN-5539-1.
What is the severity of USN-5539-1?
The severity of USN-5539-1 is not mentioned in the advisory.
How does the vulnerability CVE-2022-1195 affect the Linux kernel?
The vulnerability CVE-2022-1195 in the Linux kernel can lead to a use-after-free vulnerability, potentially causing a denial of service (system crash).
Which versions of Ubuntu are affected by this vulnerability?
Ubuntu versions 20.04 and 18.04 are affected by this vulnerability.
How can I fix this vulnerability?
To fix this vulnerability, update the affected Linux kernel packages to the specified versions: 5.4.0-1042.47, 5.4.0.1042.41, 5.4.0.1084.63, 5.4.0-1078.84~18.04.1, 5.4.0.1078.84~18.04.40, or 5.4.0-1084.92~18.04.1 depending on the Ubuntu version.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
collector/usn
source/Ubuntu
anchor-related/USN-5469-1
anchor-related/USN-5514-1
anchor-related/USN-5515-1
anchor-related/USN-5541-1
anchor-related/USN-5650-1
anchor-related/USN-5560-1
anchor-related/USN-5560-2
anchor-related/USN-6001-1
anchor-related/USN-6013-1
anchor-related/USN-6014-1
anchor-related/USN-5471-1
anchor-related/USN-5518-1
anchor-related/USN-5529-1
anchor-related/USN-5564-1
anchor-related/USN-5416-1
anchor-related/USN-5493-1
anchor-related/USN-5493-2
anchor-related/USN-5505-1
anchor-related/USN-5513-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/20.04
version/ubuntu ubuntu/18.04