English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.845401
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-5471-1)
Summary:The remote host is missing an update for the 'linux-oem-5.17' package(s) announced via the USN-5471-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-oem-5.17' package(s) announced via the USN-5471-1 advisory.

Vulnerability Insight:
It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1966)

Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation
in the Linux kernel did not provide sufficient randomization when
calculating port offsets. An attacker could possibly use this to expose
sensitive information. (CVE-2022-1012)

Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol
implementation in the Linux kernel, leading to use-after-free
vulnerabilities. A local attacker could possibly use this to cause a denial
of service (system crash). (CVE-2022-1205)

It was discovered that the Marvell NFC device driver implementation in the
Linux kernel did not properly perform memory cleanup operations in some
situations, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2022-1734)

Minh Yuan discovered that the floppy driver in the Linux kernel contained a
race condition in some situations, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1836)

Ziming Zhang discovered that the netfilter subsystem in the Linux kernel
did not properly validate sets with multiple ranged fields. A local
attacker could use this to cause a denial of service or execute arbitrary
code. (CVE-2022-1972)

Joseph Ravichandran and Michael Wang discovered that the io_uring subsystem
in the Linux kernel did not properly initialize data in some situations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2022-29968)

Affected Software/OS:
'linux-oem-5.17' package(s) on Ubuntu 22.04.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2022-1012
https://bugzilla.redhat.com/show_bug.cgi?id=2064604
https://lore.kernel.org/lkml/20220427065233.2075-1-w@1wt.eu/T/
Common Vulnerability Exposure (CVE) ID: CVE-2022-1205
https://access.redhat.com/security/cve/CVE-2022-1205
https://bugzilla.redhat.com/show_bug.cgi?id=2071047
https://github.com/torvalds/linux/commit/82e31755e55fbcea6a9dfaae5fe4860ade17cbc0
https://github.com/torvalds/linux/commit/fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009
https://www.openwall.com/lists/oss-security/2022/04/02/4
Common Vulnerability Exposure (CVE) ID: CVE-2022-1734
Debian Security Information: DSA-5173 (Google Search)
https://www.debian.org/security/2022/dsa-5173
https://github.com/torvalds/linux/commit/d270453a0d9ec10bb8a802a142fb1b3601a83098
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
http://www.openwall.com/lists/oss-security/2022/06/05/4
http://www.openwall.com/lists/oss-security/2022/06/09/1
Common Vulnerability Exposure (CVE) ID: CVE-2022-1836
Common Vulnerability Exposure (CVE) ID: CVE-2022-1966
Common Vulnerability Exposure (CVE) ID: CVE-2022-1972
Common Vulnerability Exposure (CVE) ID: CVE-2022-21499
Debian Security Information: DSA-5161 (Google Search)
https://www.debian.org/security/2022/dsa-5161
http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html
https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3463f63726066
Common Vulnerability Exposure (CVE) ID: CVE-2022-29968
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWTG3TWIMLNQEVTA3ZQYVLLU2AJM3DY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XA7UZ3HS73KXVYCIKN5ZDH7LLLGPUMOZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU7MT7BPTA2NG24BTLZF5ZWYTLSO7BU3/
https://github.com/torvalds/linux/commit/32452a3eb8b64e01e2be717f518c0be046975b9d
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.