USN-5926-1: Linux kernel vulnerabilities
First published: Mon Mar 06 2023(Updated: )
Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lee Jones discovered that a use-after-free vulnerability existed in the Bluetooth implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20566) Duoming Zhou discovered that a race condition existed in the SLIP driver in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2022-41858) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-virtual | <4.4.0.237.243 | 4.4.0.237.243 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-generic | <4.4.0.237.243 | 4.4.0.237.243 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency-lts-xenial | <4.4.0.237.243 | 4.4.0.237.243 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-237-generic | <4.4.0-237.271+1 | 4.4.0-237.271+1 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-1117-kvm | <4.4.0-1117.127 | 4.4.0-1117.127 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-237-lowlatency | <4.4.0-237.271+1 | 4.4.0-237.271+1 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-virtual-lts-xenial | <4.4.0.237.243 | 4.4.0.237.243 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-generic-lts-xenial | <4.4.0.237.243 | 4.4.0.237.243 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-kvm | <4.4.0.1117.114 | 4.4.0.1117.114 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency | <4.4.0.237.243 | 4.4.0.237.243 |
| =16.04 | ||
| All of | ||
| ubuntu/linux-image-generic-lts-xenial | <4.4.0.237.206 | 4.4.0.237.206 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency-lts-xenial | <4.4.0.237.206 | 4.4.0.237.206 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-237-generic | <4.4.0-237.271~14.04.1 | 4.4.0-237.271~14.04.1 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-237-lowlatency | <4.4.0-237.271~14.04.1 | 4.4.0-237.271~14.04.1 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-aws | <4.4.0.1116.113 | 4.4.0.1116.113 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-4.4.0-1116-aws | <4.4.0-1116.122 | 4.4.0-1116.122 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-virtual-lts-xenial | <4.4.0.237.206 | 4.4.0.237.206 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2022-42895
- https://ubuntu.com/security/CVE-2021-4155
- https://ubuntu.com/security/CVE-2022-41858
- https://ubuntu.com/security/CVE-2023-0045
- https://ubuntu.com/security/CVE-2023-23559
- https://ubuntu.com/security/CVE-2022-20566
- https://ubuntu.com/security/notices/USN-5780-1
- https://ubuntu.com/security/notices/USN-5850-1
- https://ubuntu.com/security/notices/USN-5851-1
- https://ubuntu.com/security/notices/USN-5858-1
- https://ubuntu.com/security/notices/USN-5859-1
- https://ubuntu.com/security/notices/USN-5860-1
- https://ubuntu.com/security/notices/USN-5874-1
- https://ubuntu.com/security/notices/USN-5875-1
- https://ubuntu.com/security/notices/USN-5876-1
- https://ubuntu.com/security/notices/USN-5877-1
- https://ubuntu.com/security/notices/USN-5878-1
- https://ubuntu.com/security/notices/USN-5879-1
- https://ubuntu.com/security/notices/USN-5853-1
- https://ubuntu.com/security/notices/USN-5883-1
- https://ubuntu.com/security/notices/USN-5884-1
- https://ubuntu.com/security/notices/USN-5909-1
- https://ubuntu.com/security/notices/USN-5918-1
- https://ubuntu.com/security/notices/USN-5919-1
- https://ubuntu.com/security/notices/USN-5920-1
- https://ubuntu.com/security/notices/USN-5924-1
- https://ubuntu.com/security/notices/USN-5925-1
- https://ubuntu.com/security/notices/USN-5927-1
- https://ubuntu.com/security/notices/USN-5975-1
- https://ubuntu.com/security/notices/USN-6007-1
- https://ubuntu.com/security/notices/USN-5278-1
- https://ubuntu.com/security/notices/USN-5294-1
- https://ubuntu.com/security/notices/USN-5295-1
- https://ubuntu.com/security/notices/USN-5295-2
- https://ubuntu.com/security/notices/USN-5297-1
- https://ubuntu.com/security/notices/USN-5294-2
- https://ubuntu.com/security/notices/USN-5298-1
- https://ubuntu.com/security/notices/USN-5362-1
- https://ubuntu.com/security/notices/USN-5913-1
- https://ubuntu.com/security/notices/USN-5914-1
- https://ubuntu.com/security/notices/USN-5915-1
- https://ubuntu.com/security/notices/USN-5917-1
- https://ubuntu.com/security/notices/USN-5934-1
- https://ubuntu.com/security/notices/USN-5939-1
- https://ubuntu.com/security/notices/USN-5940-1
- https://ubuntu.com/security/notices/USN-5951-1
- https://ubuntu.com/security/notices/USN-5970-1
- https://ubuntu.com/security/notices/USN-5979-1
- https://ubuntu.com/security/notices/USN-5981-1
- https://ubuntu.com/security/notices/USN-5982-1
- https://ubuntu.com/security/notices/USN-5984-1
- https://ubuntu.com/security/notices/USN-5987-1
- https://ubuntu.com/security/notices/USN-5991-1
- https://ubuntu.com/security/notices/USN-6000-1
- https://ubuntu.com/security/notices/USN-6004-1
- https://ubuntu.com/security/notices/USN-6009-1
- https://ubuntu.com/security/notices/USN-6030-1
- https://ubuntu.com/security/notices/USN-5978-1
- https://ubuntu.com/security/notices/USN-5980-1
- https://ubuntu.com/security/notices/USN-5985-1
- https://ubuntu.com/security/notices/USN-6020-1
- https://ubuntu.com/security/notices/USN-6031-1
- https://ubuntu.com/security/notices/USN-6032-1
- https://ubuntu.com/security/notices/USN-6151-1
- https://ubuntu.com/security/notices/USN-5926-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this Linux kernel vulnerability?
The vulnerability ID for this Linux kernel vulnerability is CVE-2021-4155.
How does the XFS file system vulnerability in the Linux kernel affect users?
The XFS file system vulnerability in the Linux kernel can be used by a local attacker to expose sensitive information.
What is the recommended version of the Linux kernel package to fix this vulnerability on Ubuntu 16.04?
The recommended version of the Linux kernel package to fix this vulnerability on Ubuntu 16.04 is 4.4.0.237.243.
Are there any other vulnerabilities associated with this Linux kernel update?
Yes, there are other vulnerabilities associated with this Linux kernel update. The vulnerability IDs are CVE-2022-42895 and CVE-2022-41858.
Where can I find more information about this Linux kernel vulnerability?
You can find more information about this Linux kernel vulnerability on the Ubuntu security advisories: [CVE-2021-4155](https://ubuntu.com/security/CVE-2021-4155), [CVE-2022-42895](https://ubuntu.com/security/CVE-2022-42895), [CVE-2022-41858](https://ubuntu.com/security/CVE-2022-41858).
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/usn
- source/Ubuntu
- anchor-related/USN-5780-1
- anchor-related/USN-5850-1
- anchor-related/USN-5851-1
- anchor-related/USN-5858-1
- anchor-related/USN-5859-1
- anchor-related/USN-5860-1
- anchor-related/USN-5874-1
- anchor-related/USN-5875-1
- anchor-related/USN-5876-1
- anchor-related/USN-5877-1
- anchor-related/USN-5878-1
- anchor-related/USN-5879-1
- anchor-related/USN-5853-1
- anchor-related/USN-5883-1
- anchor-related/USN-5884-1
- anchor-related/USN-5909-1
- anchor-related/USN-5918-1
- anchor-related/USN-5919-1
- anchor-related/USN-5920-1
- anchor-related/USN-5924-1
- anchor-related/USN-5925-1
- anchor-related/USN-5927-1
- anchor-related/USN-5975-1
- anchor-related/USN-6007-1
- anchor-related/USN-5278-1
- anchor-related/USN-5294-1
- anchor-related/USN-5295-1
- anchor-related/USN-5295-2
- anchor-related/USN-5297-1
- anchor-related/USN-5294-2
- anchor-related/USN-5298-1
- anchor-related/USN-5362-1
- anchor-related/USN-5913-1
- anchor-related/USN-5914-1
- anchor-related/USN-5915-1
- anchor-related/USN-5917-1
- anchor-related/USN-5934-1
- anchor-related/USN-5939-1
- anchor-related/USN-5940-1
- anchor-related/USN-5951-1
- anchor-related/USN-5970-1
- anchor-related/USN-5979-1
- anchor-related/USN-5981-1
- anchor-related/USN-5982-1
- anchor-related/USN-5984-1
- anchor-related/USN-5987-1
- anchor-related/USN-5991-1
- anchor-related/USN-6000-1
- anchor-related/USN-6004-1
- anchor-related/USN-6009-1
- anchor-related/USN-6030-1
- anchor-related/USN-5978-1
- anchor-related/USN-5980-1
- anchor-related/USN-5985-1
- anchor-related/USN-6020-1
- anchor-related/USN-6031-1
- anchor-related/USN-6032-1
- anchor-related/USN-6151-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04