USN-5650-1: Linux kernel vulnerabilities
First published: Fri Sep 30 2022(Updated: )
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656) Christian Brauner discovered that the XFS file system implementation in the Linux kernel did not properly handle setgid file creation. A local attacker could use this to gain elevated privileges. (CVE-2021-4037) It was discovered that the ext4 file system implementation in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0850) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the Packet network protocol implementation in the Linux kernel contained an out-of-bounds access. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2022-20368) It was discovered that the Open vSwitch implementation in the Linux kernel contained an out of bounds write vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2639) Jann Horn discovered that the ASIX AX88179/178A USB Ethernet driver in the Linux kernel contained multiple out-of-bounds vulnerabilities. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2964) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the Journaled File System (JFS) in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3202) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-virtual | <4.4.0.234.240 | 4.4.0.234.240 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-generic | <4.4.0.234.240 | 4.4.0.234.240 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-aws | <4.4.0.1151.155 | 4.4.0.1151.155 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-234-lowlatency | <4.4.0-234.268 | 4.4.0-234.268 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-234-generic | <4.4.0-234.268 | 4.4.0-234.268 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-1114-kvm | <4.4.0-1114.124 | 4.4.0-1114.124 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-1151-aws | <4.4.0-1151.166 | 4.4.0-1151.166 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-kvm | <4.4.0.1114.111 | 4.4.0.1114.111 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency | <4.4.0.234.240 | 4.4.0.234.240 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-234-generic | <4.4.0-234.268~14.04.1 | 4.4.0-234.268~14.04.1 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-generic-lts-xenial | <4.4.0.234.203 | 4.4.0.234.203 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-1113-aws | <4.4.0-1113.119 | 4.4.0-1113.119 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency-lts-xenial | <4.4.0.234.203 | 4.4.0.234.203 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-aws | <4.4.0.1113.110 | 4.4.0.1113.110 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-234-lowlatency | <4.4.0-234.268~14.04.1 | 4.4.0-234.268~14.04.1 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-virtual-lts-xenial | <4.4.0.234.203 | 4.4.0.234.203 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2021-4037
- https://ubuntu.com/security/CVE-2022-36946
- https://ubuntu.com/security/CVE-2021-33655
- https://ubuntu.com/security/CVE-2022-0850
- https://ubuntu.com/security/CVE-2022-1204
- https://ubuntu.com/security/CVE-2022-1199
- https://ubuntu.com/security/CVE-2021-33656
- https://ubuntu.com/security/CVE-2022-20368
- https://ubuntu.com/security/CVE-2022-2964
- https://ubuntu.com/security/CVE-2022-3202
- https://ubuntu.com/security/CVE-2022-2978
- https://ubuntu.com/security/CVE-2022-3028
- https://ubuntu.com/security/CVE-2022-1729
- https://ubuntu.com/security/CVE-2022-2639
- https://ubuntu.com/security/notices/USN-5580-1
- https://ubuntu.com/security/notices/USN-5590-1
- https://ubuntu.com/security/notices/USN-5621-1
- https://ubuntu.com/security/notices/USN-5622-1
- https://ubuntu.com/security/notices/USN-5624-1
- https://ubuntu.com/security/notices/USN-5623-1
- https://ubuntu.com/security/notices/USN-5630-1
- https://ubuntu.com/security/notices/USN-5633-1
- https://ubuntu.com/security/notices/USN-5634-1
- https://ubuntu.com/security/notices/USN-5635-1
- https://ubuntu.com/security/notices/USN-5639-1
- https://ubuntu.com/security/notices/USN-5640-1
- https://ubuntu.com/security/notices/USN-5644-1
- https://ubuntu.com/security/notices/USN-5647-1
- https://ubuntu.com/security/notices/USN-5648-1
- https://ubuntu.com/security/notices/USN-5652-1
- https://ubuntu.com/security/notices/USN-5654-1
- https://ubuntu.com/security/notices/USN-5655-1
- https://ubuntu.com/security/notices/USN-5660-1
- https://ubuntu.com/security/notices/USN-5683-1
- https://ubuntu.com/security/notices/USN-5577-1
- https://ubuntu.com/security/notices/USN-5596-1
- https://ubuntu.com/security/notices/USN-5469-1
- https://ubuntu.com/security/notices/USN-5514-1
- https://ubuntu.com/security/notices/USN-5515-1
- https://ubuntu.com/security/notices/USN-5539-1
- https://ubuntu.com/security/notices/USN-5541-1
- https://ubuntu.com/security/notices/USN-5589-1
- https://ubuntu.com/security/notices/USN-5591-1
- https://ubuntu.com/security/notices/USN-5591-2
- https://ubuntu.com/security/notices/USN-5591-3
- https://ubuntu.com/security/notices/USN-5592-1
- https://ubuntu.com/security/notices/USN-5595-1
- https://ubuntu.com/security/notices/USN-5591-4
- https://ubuntu.com/security/notices/USN-5597-1
- https://ubuntu.com/security/notices/USN-5598-1
- https://ubuntu.com/security/notices/USN-5600-1
- https://ubuntu.com/security/notices/USN-5603-1
- https://ubuntu.com/security/notices/USN-5605-1
- https://ubuntu.com/security/notices/USN-5693-1
- https://ubuntu.com/security/notices/USN-5727-1
- https://ubuntu.com/security/notices/USN-5728-1
- https://ubuntu.com/security/notices/USN-5729-1
- https://ubuntu.com/security/notices/USN-5727-2
- https://ubuntu.com/security/notices/USN-5728-2
- https://ubuntu.com/security/notices/USN-5729-2
- https://ubuntu.com/security/notices/USN-5728-3
- https://ubuntu.com/security/notices/USN-5774-1
- https://ubuntu.com/security/notices/USN-5560-1
- https://ubuntu.com/security/notices/USN-5560-2
- https://ubuntu.com/security/notices/USN-5594-1
- https://ubuntu.com/security/notices/USN-5599-1
- https://ubuntu.com/security/notices/USN-5602-1
- https://ubuntu.com/security/notices/USN-5616-1
- https://ubuntu.com/security/notices/USN-5650-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-5650-1?
The severity of USN-5650-1 is high.
How does the Linux kernel vulnerability CVE-2021-33655 affect Ubuntu 16.04?
The Linux kernel vulnerability CVE-2021-33655 affects Ubuntu 16.04 and can be exploited by a local attacker to cause a denial of service or execute arbitrary code.
Which packages are affected by the Linux kernel vulnerability CVE-2021-33655?
The Linux kernel vulnerability CVE-2021-33655 affects the linux-image-virtual, linux-image-generic, linux-image-aws, linux-image-4.4.0-234-lowlatency, and linux-image-4.4.0-234-generic packages in Ubuntu 16.04.
How can I fix the Linux kernel vulnerability CVE-2021-33655 in Ubuntu 16.04?
To fix the Linux kernel vulnerability CVE-2021-33655 in Ubuntu 16.04, update the affected packages to version 4.4.0.234.240 or later.
Where can I find more information about USN-5650-1 and the associated vulnerabilities?
More information about USN-5650-1 and the associated vulnerabilities can be found at the following links: [reference links]
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/usn
- source/Ubuntu
- anchor-related/USN-5580-1
- anchor-related/USN-5590-1
- anchor-related/USN-5621-1
- anchor-related/USN-5622-1
- anchor-related/USN-5624-1
- anchor-related/USN-5623-1
- anchor-related/USN-5630-1
- anchor-related/USN-5633-1
- anchor-related/USN-5634-1
- anchor-related/USN-5635-1
- anchor-related/USN-5639-1
- anchor-related/USN-5640-1
- anchor-related/USN-5644-1
- anchor-related/USN-5647-1
- anchor-related/USN-5648-1
- anchor-related/USN-5652-1
- anchor-related/USN-5654-1
- anchor-related/USN-5655-1
- anchor-related/USN-5660-1
- anchor-related/USN-5683-1
- anchor-related/USN-5577-1
- anchor-related/USN-5596-1
- anchor-related/USN-5469-1
- anchor-related/USN-5514-1
- anchor-related/USN-5515-1
- anchor-related/USN-5539-1
- anchor-related/USN-5541-1
- anchor-related/USN-5589-1
- anchor-related/USN-5591-1
- anchor-related/USN-5591-2
- anchor-related/USN-5591-3
- anchor-related/USN-5592-1
- anchor-related/USN-5595-1
- anchor-related/USN-5591-4
- anchor-related/USN-5597-1
- anchor-related/USN-5598-1
- anchor-related/USN-5600-1
- anchor-related/USN-5603-1
- anchor-related/USN-5605-1
- anchor-related/USN-5693-1
- anchor-related/USN-5727-1
- anchor-related/USN-5728-1
- anchor-related/USN-5729-1
- anchor-related/USN-5727-2
- anchor-related/USN-5728-2
- anchor-related/USN-5729-2
- anchor-related/USN-5728-3
- anchor-related/USN-5774-1
- anchor-related/USN-5560-1
- anchor-related/USN-5560-2
- anchor-related/USN-5594-1
- anchor-related/USN-5599-1
- anchor-related/USN-5602-1
- anchor-related/USN-5616-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04