What is the severity of USN-5582-1?

The severity of USN-5582-1 is moderate.

How can a local attacker exploit CVE-2022-34918?

A local attacker can exploit CVE-2022-34918 by using the netfilter subsystem vulnerability to escalate privileges.

What is the affected software version for Ubuntu Ubuntu 20.04?

The affected software version for Ubuntu Ubuntu 20.04 is linux-image-5.4.0-1089-azure-fde version 5.4.0-1089.94+cvm1.2.

What is the affected software version for Ubuntu Ubuntu 20.04 with the package linux-image-azure-fde?

The affected software version for Ubuntu Ubuntu 20.04 with the package linux-image-azure-fde is version 5.4.0.1089.94+cvm1.29.

Where can I find more information about USN-5582-1?

You can find more information about USN-5582-1 at the official Ubuntu Security Notices website.

Vulnerability/
USN-5582-1

CWE

416 362

25/8/2022

USN-5582-1: Linux kernel (Azure CVM) vulnerabilities

First published: Thu Aug 25 2022(Updated: )

Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. (CVE-2022-34918) Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2588) It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2586) It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0494) Hu Jiahui discovered that multiple race conditions existed in the Advanced Linux Sound Architecture (ALSA) framework, leading to use-after-free vulnerabilities. A local attacker could use these to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1048) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652) It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1734) Duoming Zhou discovered a race condition in the NFC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1974) Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not properly prevent context switches from occurring during certain atomic context operations. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2022-1975) Felix Fu discovered that the Sun RPC implementation in the Linux kernel did not properly handle socket states, leading to a use-after-free vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-28893)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-5.4.0-1089-azure-fde	<5.4.0-1089.94+cvm1.2	5.4.0-1089.94+cvm1.2
	=20.04
All of
ubuntu/linux-image-azure-fde	<5.4.0.1089.94+cvm1.29	5.4.0.1089.94+cvm1.29
	=20.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-5582-1?
The severity of USN-5582-1 is moderate.
How can a local attacker exploit CVE-2022-34918?
A local attacker can exploit CVE-2022-34918 by using the netfilter subsystem vulnerability to escalate privileges.
What is the affected software version for Ubuntu Ubuntu 20.04?
The affected software version for Ubuntu Ubuntu 20.04 is linux-image-5.4.0-1089-azure-fde version 5.4.0-1089.94+cvm1.2.
What is the affected software version for Ubuntu Ubuntu 20.04 with the package linux-image-azure-fde?
The affected software version for Ubuntu Ubuntu 20.04 with the package linux-image-azure-fde is version 5.4.0.1089.94+cvm1.29.
Where can I find more information about USN-5582-1?
You can find more information about USN-5582-1 at the official Ubuntu Security Notices website.

agent/references
agent/weakness
agent/severity
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/event
agent/title
agent/description
agent/tags
agent/trending
collector/usn
source/Ubuntu
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/20.04