What is the severity of CVE-2022-26365?

The severity of CVE-2022-26365 is high.

How does CVE-2022-26365 impact Linux kernel on AWS?

CVE-2022-26365 can be exploited by a local attacker to expose sensitive information (guest kernel memory) on Linux kernel running on AWS.

How do I fix CVE-2022-26365 on Ubuntu 16.04 with the linux-image-aws package?

To fix CVE-2022-26365 on Ubuntu 16.04 with the linux-image-aws package, update to version 4.4.0.1148.152 or later.

How do I fix CVE-2022-26365 on Ubuntu 16.04 with the linux-image-4.4.0-1148-aws package?

To fix CVE-2022-26365 on Ubuntu 16.04 with the linux-image-4.4.0-1148-aws package, update to version 4.4.0-1148.163 or later.

Where can I find more information about CVE-2022-26365?

You can find more information about CVE-2022-26365 at the following reference: [Ubuntu CVE-2022-26365](https://ubuntu.com/security/CVE-2022-26365).

Vulnerability/
USN-5572-1

18/8/2022

USN-5572-1: Linux kernel (AWS) vulnerabilities

First published: Thu Aug 18 2022(Updated: )

Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-aws	<4.4.0.1148.152	4.4.0.1148.152
	=16.04
All of
ubuntu/linux-image-4.4.0-1148-aws	<4.4.0-1148.163	4.4.0-1148.163
	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2022-26365?
The severity of CVE-2022-26365 is high.
How does CVE-2022-26365 impact Linux kernel on AWS?
CVE-2022-26365 can be exploited by a local attacker to expose sensitive information (guest kernel memory) on Linux kernel running on AWS.
How do I fix CVE-2022-26365 on Ubuntu 16.04 with the linux-image-aws package?
To fix CVE-2022-26365 on Ubuntu 16.04 with the linux-image-aws package, update to version 4.4.0.1148.152 or later.
How do I fix CVE-2022-26365 on Ubuntu 16.04 with the linux-image-4.4.0-1148-aws package?
To fix CVE-2022-26365 on Ubuntu 16.04 with the linux-image-4.4.0-1148-aws package, update to version 4.4.0-1148.163 or later.
Where can I find more information about CVE-2022-26365?
You can find more information about CVE-2022-26365 at the following reference: [Ubuntu CVE-2022-26365](https://ubuntu.com/security/CVE-2022-26365).

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
anchor-related/USN-5579-1
anchor-related/USN-5572-2
anchor-related/USN-5624-1
anchor-related/USN-5623-1
anchor-related/USN-5633-1
anchor-related/USN-5635-1
anchor-related/USN-5640-1
anchor-related/USN-5644-1
anchor-related/USN-5648-1
anchor-related/USN-5655-1
anchor-related/USN-5668-1
anchor-related/USN-5669-1
anchor-related/USN-5669-2
anchor-related/USN-5679-1
anchor-related/USN-5678-1
anchor-related/USN-5677-1
anchor-related/USN-5683-1
anchor-related/USN-5682-1
anchor-related/USN-5684-1
anchor-related/USN-5687-1
anchor-related/USN-5695-1
anchor-related/USN-5706-1
anchor-related/USN-5773-1
anchor-related/USN-5789-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/16.04