CWE
416 362
Advisory Published

USN-5539-1: Linux kernel vulnerabilities

First published: Thu Jul 28 2022(Updated: )

It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1195) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2022-1789) It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388) Minh Yuan discovered that the floppy driver in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-33981)

Affected SoftwareAffected VersionHow to fix
All of
ubuntu/linux-image-5.4.0-1042-bluefield<5.4.0-1042.47
5.4.0-1042.47
=20.04
All of
ubuntu/linux-image-bluefield<5.4.0.1042.41
5.4.0.1042.41
=20.04
All of
ubuntu/linux-image-gcp<5.4.0.1084.63
5.4.0.1084.63
=18.04
All of
ubuntu/linux-image-5.4.0-1078-gke<5.4.0-1078.84~18.04.1
5.4.0-1078.84~18.04.1
=18.04
All of
ubuntu/linux-image-gke-5.4<5.4.0.1078.84~18.04.40
5.4.0.1078.84~18.04.40
=18.04
All of
ubuntu/linux-image-5.4.0-1084-gcp<5.4.0-1084.92~18.04.1
5.4.0-1084.92~18.04.1
=18.04

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID of this advisory?

    The vulnerability ID of this advisory is USN-5539-1.

  • What is the severity of USN-5539-1?

    The severity of USN-5539-1 is not mentioned in the advisory.

  • How does the vulnerability CVE-2022-1195 affect the Linux kernel?

    The vulnerability CVE-2022-1195 in the Linux kernel can lead to a use-after-free vulnerability, potentially causing a denial of service (system crash).

  • Which versions of Ubuntu are affected by this vulnerability?

    Ubuntu versions 20.04 and 18.04 are affected by this vulnerability.

  • How can I fix this vulnerability?

    To fix this vulnerability, update the affected Linux kernel packages to the specified versions: 5.4.0-1042.47, 5.4.0.1042.41, 5.4.0.1084.63, 5.4.0-1078.84~18.04.1, 5.4.0.1078.84~18.04.40, or 5.4.0-1084.92~18.04.1 depending on the Ubuntu version.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203