What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is USN-5756-3.

What is the severity of the vulnerabilities?

The severity of the vulnerabilities is not specified in the provided information.

Which packages and versions are affected?

The linux-image-azure-lts-20.04 package version 5.4.0.1098.92, the linux-image-5.4.0-1098-azure package version 5.4.0-1098.104, and the linux-image-azure package version 5.4.0.1098.72 are affected.

How can I fix the vulnerabilities?

To fix the vulnerabilities, update the affected packages to the recommended versions: linux-image-azure-lts-20.04 (5.4.0.1098.92), linux-image-5.4.0-1098-azure (5.4.0-1098.104), and linux-image-azure (5.4.0.1098.72).

Where can I find more information about the vulnerabilities?

You can find more information about the vulnerabilities in the following references: [CVE-2022-42703](https://ubuntu.com/security/CVE-2022-42703), [CVE-2022-3524](https://ubuntu.com/security/CVE-2022-3524), and [CVE-2022-3594](https://ubuntu.com/security/CVE-2022-3594).

Vulnerability/
USN-5756-3

CWE

416 476 362

12/12/2022

USN-5756-3: Linux kernel (Azure) vulnerabilities

First published: Mon Dec 12 2022(Updated: )

Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-azure-lts-20.04	<5.4.0.1098.92	5.4.0.1098.92
	=20.04
All of
ubuntu/linux-image-5.4.0-1098-azure	<5.4.0-1098.104	5.4.0-1098.104
	=20.04
All of
ubuntu/linux-image-azure	<5.4.0.1098.72	5.4.0.1098.72
	=18.04
All of
ubuntu/linux-image-5.4.0-1098-azure	<5.4.0-1098.104~18.04.2	5.4.0-1098.104~18.04.2
	=18.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-5756-3.
What is the severity of the vulnerabilities?
The severity of the vulnerabilities is not specified in the provided information.
Which packages and versions are affected?
The linux-image-azure-lts-20.04 package version 5.4.0.1098.92, the linux-image-5.4.0-1098-azure package version 5.4.0-1098.104, and the linux-image-azure package version 5.4.0.1098.72 are affected.
How can I fix the vulnerabilities?
To fix the vulnerabilities, update the affected packages to the recommended versions: linux-image-azure-lts-20.04 (5.4.0.1098.92), linux-image-5.4.0-1098-azure (5.4.0-1098.104), and linux-image-azure (5.4.0.1098.72).
Where can I find more information about the vulnerabilities?
You can find more information about the vulnerabilities in the following references: [CVE-2022-42703](https://ubuntu.com/security/CVE-2022-42703), [CVE-2022-3524](https://ubuntu.com/security/CVE-2022-3524), and [CVE-2022-3594](https://ubuntu.com/security/CVE-2022-3594).

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
collector/usn
source/Ubuntu
anchor-related/USN-5728-1
anchor-related/USN-5728-2
anchor-related/USN-5728-3
anchor-related/USN-5755-1
anchor-related/USN-5756-1
anchor-related/USN-5757-1
anchor-related/USN-5757-2
anchor-related/USN-5758-1
anchor-related/USN-5755-2
anchor-related/USN-5756-2
anchor-related/USN-5773-1
anchor-related/USN-5774-1
anchor-related/USN-5779-1
anchor-related/USN-5789-1
anchor-related/USN-5916-1
anchor-related/USN-5754-1
anchor-related/USN-5754-2
anchor-related/USN-5780-1
anchor-related/USN-5913-1
anchor-related/USN-5914-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/20.04
version/ubuntu ubuntu/18.04