What is the vulnerability ID of this advisory?

The vulnerability ID of this advisory is USN-5814-1.

What is the severity of USN-5814-1?

The severity of this vulnerability (USN-5814-1) is not specified in the information provided.

How can a local attacker exploit CVE-2022-4378?

A local attacker can exploit CVE-2022-4378 by using a stack-based buffer overflow to cause a denial of service (system crash) or execute arbitrary code.

Which versions of Ubuntu are affected by this vulnerability?

The versions of Ubuntu affected by this vulnerability are Ubuntu 22.10 and Ubuntu 22.04.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the Ubuntu security website: [link](https://ubuntu.com/security/CVE-2022-4378)

Vulnerability/
USN-5814-1

CWE

119 190 416

19/1/2023

USN-5814-1: Linux kernel vulnerabilities

First published: Thu Jan 19 2023(Updated: )

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-4378) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-lowlatency-64k	<5.19.0.1015.12	5.19.0.1015.12
	=22.10
All of
ubuntu/linux-image-5.19.0-1017-azure	<5.19.0-1017.18	5.19.0-1017.18
	=22.10
All of
ubuntu/linux-image-azure	<5.19.0.1017.13	5.19.0.1017.13
	=22.10
All of
ubuntu/linux-image-5.19.0-1015-lowlatency	<5.19.0-1015.16	5.19.0-1015.16
	=22.10
All of
ubuntu/linux-image-5.19.0-1015-lowlatency-64k	<5.19.0-1015.16	5.19.0-1015.16
	=22.10
All of
ubuntu/linux-image-lowlatency	<5.19.0.1015.12	5.19.0.1015.12
	=22.10
All of
ubuntu/linux-image-5.15.0-1023-intel-iotg	<5.15.0-1023.28	5.15.0-1023.28
	=22.04
All of
ubuntu/linux-image-gkeop	<5.15.0.1013.12	5.15.0.1013.12
	=22.04
All of
ubuntu/linux-image-lowlatency-hwe-22.04	<5.15.0.58.51	5.15.0.58.51
	=22.04
All of
ubuntu/linux-image-5.15.0-1013-gkeop	<5.15.0-1013.17	5.15.0-1013.17
	=22.04
All of
ubuntu/linux-image-lowlatency-64k	<5.15.0.58.51	5.15.0.58.51
	=22.04
All of
ubuntu/linux-image-intel-iotg	<5.15.0.1023.22	5.15.0.1023.22
	=22.04
All of
ubuntu/linux-image-5.15.0-58-lowlatency-64k	<5.15.0-58.64	5.15.0-58.64
	=22.04
All of
ubuntu/linux-image-lowlatency-64k-hwe-22.04	<5.15.0.58.51	5.15.0.58.51
	=22.04
All of
ubuntu/linux-image-5.15.0-58-lowlatency	<5.15.0-58.64	5.15.0-58.64
	=22.04
All of
ubuntu/linux-image-gkeop-5.15	<5.15.0.1013.12	5.15.0.1013.12
	=22.04
All of
ubuntu/linux-image-lowlatency	<5.15.0.58.51	5.15.0.58.51
	=22.04
All of
ubuntu/linux-image-oracle	<5.15.0.1027.33~20.04.1	5.15.0.1027.33~20.04.1
	=20.04
All of
ubuntu/linux-image-5.15.0-58-lowlatency	<5.15.0-58.64~20.04.1	5.15.0-58.64~20.04.1
	=20.04
All of
ubuntu/linux-image-5.15.0-58-lowlatency-64k	<5.15.0-58.64~20.04.1	5.15.0-58.64~20.04.1
	=20.04
All of
ubuntu/linux-image-lowlatency-64k-hwe-20.04	<5.15.0.58.64~20.04.21	5.15.0.58.64~20.04.21
	=20.04
All of
ubuntu/linux-image-lowlatency-hwe-20.04	<5.15.0.58.64~20.04.21	5.15.0.58.64~20.04.21
	=20.04
All of
ubuntu/linux-image-5.15.0-1027-oracle	<5.15.0-1027.33~20.04.1	5.15.0-1027.33~20.04.1
	=20.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID of this advisory?
The vulnerability ID of this advisory is USN-5814-1.
What is the severity of USN-5814-1?
The severity of this vulnerability (USN-5814-1) is not specified in the information provided.
How can a local attacker exploit CVE-2022-4378?
A local attacker can exploit CVE-2022-4378 by using a stack-based buffer overflow to cause a denial of service (system crash) or execute arbitrary code.
Which versions of Ubuntu are affected by this vulnerability?
The versions of Ubuntu affected by this vulnerability are Ubuntu 22.10 and Ubuntu 22.04.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Ubuntu security website: [link](https://ubuntu.com/security/CVE-2022-4378)

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
collector/usn
source/Ubuntu
anchor-related/USN-5799-1
anchor-related/USN-5803-1
anchor-related/USN-5809-1
anchor-related/USN-5831-1
anchor-related/USN-5832-1
anchor-related/USN-5860-1
anchor-related/USN-5877-1
anchor-related/USN-5879-1
anchor-related/USN-5883-1
anchor-related/USN-5919-1
anchor-related/USN-5920-1
anchor-related/USN-5794-1
anchor-related/USN-5802-1
anchor-related/USN-5804-1
anchor-related/USN-5804-2
anchor-related/USN-5808-1
anchor-related/USN-5813-1
anchor-related/USN-5829-1
anchor-related/USN-5830-1
anchor-related/USN-5858-1
anchor-related/USN-5861-1
anchor-related/USN-5863-1
anchor-related/USN-5875-1
anchor-related/USN-5914-1
anchor-related/USN-5918-1
anchor-related/USN-5780-1
anchor-related/USN-5783-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/22.10
version/ubuntu ubuntu/22.04
version/ubuntu ubuntu/20.04