First published: Mon Jan 30 2023(Updated: )
Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-4378) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/linux-image-5.19.0-1012-raspi-nolpae | <5.19.0-1012.19 | 5.19.0-1012.19 |
=22.10 | ||
All of | ||
ubuntu/linux-image-raspi-nolpae | <5.19.0.1012.11 | 5.19.0.1012.11 |
=22.10 | ||
All of | ||
ubuntu/linux-image-raspi | <5.19.0.1012.11 | 5.19.0.1012.11 |
=22.10 | ||
All of | ||
ubuntu/linux-image-5.19.0-1012-raspi | <5.19.0-1012.19 | 5.19.0-1012.19 |
=22.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID for this Linux kernel vulnerability is CVE-2022-4378.
This vulnerability could allow a local attacker to cause a denial of service (system crash) or execute arbitrary code.
This vulnerability can be exploited by a local attacker using a stack-based buffer overflow or by exploiting the Bluetooth L2CAP handshake implementation.
To fix this vulnerability, update your Ubuntu system to the specific kernel versions mentioned in the Ubuntu security advisories (USN-5832-1).
You can find more information about this vulnerability in the Ubuntu security advisories linked in the references section.