 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.845504 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-5594-1) |
| Summary: | The remote host is missing an update for the 'linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency' package(s) announced via the USN-5594-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency' package(s) announced via the USN-5594-1 advisory. Vulnerability Insight: Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle an illegal instruction in a guest, resulting in a null pointer dereference. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2022-1852) It was discovered that the UDF file system implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1943) Gerald Lee discovered that the NTFS file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2022-1973) It was discovered that the device-mapper verity (dm-verity) driver in the Linux kernel did not properly verify targets being loaded into the device- mapper table. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2503) Zheyu Ma discovered that the Intel iSMT SMBus host controller driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2873) Selim Enes Karaduman discovered that a race condition existed in the pipe buffers implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly escalate privileges. (CVE-2022-2959) Affected Software/OS: 'linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency' package(s) on Ubuntu 20.04, Ubuntu 22.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-33061 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html Common Vulnerability Exposure (CVE) ID: CVE-2022-1012 https://bugzilla.redhat.com/show_bug.cgi?id=2064604 https://lore.kernel.org/lkml/20220427065233.2075-1-w@1wt.eu/T/ Common Vulnerability Exposure (CVE) ID: CVE-2022-1729 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704 https://www.openwall.com/lists/oss-security/2022/05/20/2 Common Vulnerability Exposure (CVE) ID: CVE-2022-1852 https://bugzilla.redhat.com/show_bug.cgi?id=2089815 https://github.com/torvalds/linux/commit/fee060cd52d69c114b62d1a2948ea9648b5131f9 Common Vulnerability Exposure (CVE) ID: CVE-2022-1943 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1ad35dd0548ce947d97aaf92f7f2f9a202951cf Common Vulnerability Exposure (CVE) ID: CVE-2022-1973 https://bugzilla.redhat.com/show_bug.cgi?id=2092542 Common Vulnerability Exposure (CVE) ID: CVE-2022-2503 https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m Common Vulnerability Exposure (CVE) ID: CVE-2022-2873 Debian Security Information: DSA-5324 (Google Search) https://www.debian.org/security/2023/dsa-5324 https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97@gmail.com/T/ https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2022-2959 https://github.com/torvalds/linux/commit/189b0ddc245139af81198d1a3637cac74f96e13a https://www.zerodayinitiative.com/advisories/ZDI-22-1165/ |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |