Test ID:	1.3.6.1.4.1.25623.1.0.845287
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5339-1)
Summary:	The remote host is missing an update for the 'linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon' package(s) announced via the USN-5339-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon' package(s) announced via the USN-5339-1 advisory. Vulnerability Insight: Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. (CVE-2022-0492) It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506) Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-43976) It was discovered that the ARM Trusted Execution Environment (TEE) subsystem in the Linux kernel contained a race condition leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-44733) It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45095) Samuel Page discovered that the Transparent Inter-Process Communication (TIPC) protocol implementation in the Linux kernel contained a stack-based buffer overflow. A remote attacker could use this to cause a denial of service (system crash) for systems that have a TIPC bearer configured. (CVE-2022-0435) Affected Software/OS: 'linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-3506 https://bugzilla.redhat.com/show_bug.cgi?id=1944298 https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html https://www.openwall.com/lists/oss-security/2021/03/28/2 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html http://www.openwall.com/lists/oss-security/2021/05/08/1 Common Vulnerability Exposure (CVE) ID: CVE-2021-43976 https://security.netapp.com/advisory/ntap-20211210-0001/ Debian Security Information: DSA-5092 (Google Search) https://www.debian.org/security/2022/dsa-5092 Debian Security Information: DSA-5096 (Google Search) https://www.debian.org/security/2022/dsa-5096 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/ https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04d80663f67ccef893061b49ec8a42ff7045ae84 https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/ https://www.oracle.com/security-alerts/cpujul2022.html https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2021-44733 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfd0743f1d9ea76931510ed150334d571fbab49d https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c https://github.com/pjlantz/optee-qemu/blob/main/README.md https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander@linaro.org/ Common Vulnerability Exposure (CVE) ID: CVE-2021-45095 Debian Security Information: DSA-5050 (Google Search) https://www.debian.org/security/2022/dsa-5050 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=bcd0f93353326954817a4f9fa55ec57fb38acbb0 https://github.com/torvalds/linux/commit/bcd0f93353326954817a4f9fa55ec57fb38acbb0 Common Vulnerability Exposure (CVE) ID: CVE-2022-0435 https://security.netapp.com/advisory/ntap-20220602-0001/ https://bugzilla.redhat.com/show_bug.cgi?id=2048738 https://www.openwall.com/lists/oss-security/2022/02/10/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-0492 Debian Security Information: DSA-5095 (Google Search) https://www.debian.org/security/2022/dsa-5095 http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html https://bugzilla.redhat.com/show_bug.cgi?id=2051505 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.