English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.845472
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-5562-1)
Summary:The remote host is missing an update for the 'linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4' package(s) announced via the USN-5562-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4' package(s) announced via the USN-5562-1 advisory.

Vulnerability Insight:
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)

It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)

It was discovered that the block layer subsystem in the Linux kernel did
not properly initialize memory in some situations. A privileged local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-0494)

Hu Jiahui discovered that multiple race conditions existed in the Advanced
Linux Sound Architecture (ALSA) framework, leading to use-after-free
vulnerabilities. A local attacker could use these to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-1048)

Minh Yuan discovered that the floppy disk driver in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2022-1652)

It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)

It was discovered that the Marvell NFC device driver implementation in the
Linux kernel did not properly perform memory cleanup operations in some
situations, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2022-1734)

Duoming Zhou discovered a race condition in the NFC subsystem in the Linux
kernel, leading to a use-after-free vulnerability. A privileged local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-1974)

Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not
properly prevent context switches from occurring during certain atomic
context operations. A privileged local attacker could use this to cause a
denial of service (system crash). (CVE-2022-1975)

Felix Fu discovered that the Sun RPC implementation in the Linux kernel did
not properly handle socket states, leading to a use-after-free
vulnerability. A remote attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-28893)

Arthur Mongodin discovered that the netfilter subsystem ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4' package(s) on Ubuntu 18.04, Ubuntu 20.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2022-0494
Debian Security Information: DSA-5161 (Google Search)
https://www.debian.org/security/2022/dsa-5161
Debian Security Information: DSA-5173 (Google Search)
https://www.debian.org/security/2022/dsa-5173
https://bugzilla.redhat.com/show_bug.cgi?id=2039448
https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel@gmail.com/
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-1048
Debian Security Information: DSA-5127 (Google Search)
https://www.debian.org/security/2022/dsa-5127
https://bugzilla.redhat.com/show_bug.cgi?id=2066706
https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai@suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3
Common Vulnerability Exposure (CVE) ID: CVE-2022-1652
https://bugzilla.redhat.com/show_bug.cgi?id=1832397
https://francozappa.github.io/about-bias/
https://kb.cert.org/vuls/id/647177/
Common Vulnerability Exposure (CVE) ID: CVE-2022-1679
https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-1734
https://github.com/torvalds/linux/commit/d270453a0d9ec10bb8a802a142fb1b3601a83098
http://www.openwall.com/lists/oss-security/2022/06/05/4
http://www.openwall.com/lists/oss-security/2022/06/09/1
Common Vulnerability Exposure (CVE) ID: CVE-2022-1974
https://github.com/torvalds/linux/commit/da5c0f119203ad9728920456a0f52a6d850c01cd
Common Vulnerability Exposure (CVE) ID: CVE-2022-1975
https://github.com/torvalds/linux/commit/4071bf121d59944d5cd2238de0642f3d7995a997
Common Vulnerability Exposure (CVE) ID: CVE-2022-2586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
https://ubuntu.com/security/notices/USN-5557-1
https://ubuntu.com/security/notices/USN-5560-1
https://ubuntu.com/security/notices/USN-5560-2
https://ubuntu.com/security/notices/USN-5562-1
https://ubuntu.com/security/notices/USN-5564-1
https://ubuntu.com/security/notices/USN-5565-1
https://ubuntu.com/security/notices/USN-5566-1
https://ubuntu.com/security/notices/USN-5567-1
https://ubuntu.com/security/notices/USN-5582-1
https://www.openwall.com/lists/oss-security/2022/08/09/5
https://www.zerodayinitiative.com/advisories/ZDI-22-1118/
Common Vulnerability Exposure (CVE) ID: CVE-2022-2588
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588
https://github.com/Markakd/CVE-2022-2588
https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u
https://ubuntu.com/security/notices/USN-5588-1
https://www.openwall.com/lists/oss-security/2022/08/09/6
https://www.zerodayinitiative.com/advisories/ZDI-22-1117/
Common Vulnerability Exposure (CVE) ID: CVE-2022-28893
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a
http://www.openwall.com/lists/oss-security/2022/04/11/3
http://www.openwall.com/lists/oss-security/2022/04/11/4
http://www.openwall.com/lists/oss-security/2022/04/11/5
Common Vulnerability Exposure (CVE) ID: CVE-2022-34918
Debian Security Information: DSA-5191 (Google Search)
https://www.debian.org/security/2022/dsa-5191
http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html
http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6
https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/#u
https://www.openwall.com/lists/oss-security/2022/07/02/3
https://www.randorisec.fr/crack-linux-firewall/
http://www.openwall.com/lists/oss-security/2022/07/05/1
http://www.openwall.com/lists/oss-security/2022/08/06/5
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.