English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.12.2022.5668.1
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-5668-1)
Summary:The remote host is missing an update for the 'linux, linux-aws, linux-bluefield, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle' package(s) announced via the USN-5668-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux, linux-aws, linux-bluefield, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle' package(s) announced via the USN-5668-1 advisory.

Vulnerability Insight:
It was discovered that the BPF verifier in the Linux kernel did not
properly handle internal data structures. A local attacker could use this
to expose sensitive information (kernel memory). (CVE-2021-4159)

It was discovered that an out-of-bounds write vulnerability existed in the
Video for Linux 2 (V4L2) implementation in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-20369)

Duoming Zhou discovered that race conditions existed in the timer handling
implementation of the Linux kernel's Rose X.25 protocol layer, resulting in
use-after-free vulnerabilities. A local attacker could use this to cause a
denial of service (system crash). (CVE-2022-2318)

Roger Pau Monne discovered that the Xen virtual block driver in the Linux
kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-26365)

Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan
and Ariel Sabba discovered that some Intel processors with Enhanced
Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET
instructions after a VM exits. A local attacker could potentially use this
to expose sensitive information. (CVE-2022-26373)

Eric Biggers discovered that a use-after-free vulnerability existed in the
io_uring subsystem in the Linux kernel. A local attacker could possibly use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-3176)

Roger Pau Monne discovered that the Xen paravirtualization frontend in the
Linux kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-33740)

It was discovered that the Xen paravirtualization frontend in the Linux
kernel incorrectly shared unrelated data when communicating with certain
backends. A local attacker could use this to cause a denial of service
(guest crash) or expose sensitive information (guest kernel memory).
(CVE-2022-33741, CVE-2022-33742)

Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in
the Linux kernel on ARM platforms contained a race condition in certain
situations. An attacker in a guest VM could use this to cause a denial of
service in the host OS. (CVE-2022-33744)

It was discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2022-36879)

Affected Software/OS:
'linux, linux-aws, linux-bluefield, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle' package(s) on Ubuntu 18.04, Ubuntu 20.04.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-4159
[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
https://access.redhat.com/security/cve/CVE-2021-4159
https://bugzilla.redhat.com/show_bug.cgi?id=2036024
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd
https://security-tracker.debian.org/tracker/CVE-2021-4159
Common Vulnerability Exposure (CVE) ID: CVE-2022-20369
https://source.android.com/security/bulletin/pixel/2022-08-01
https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-2318
Debian Security Information: DSA-5191 (Google Search)
https://www.debian.org/security/2022/dsa-5191
https://github.com/torvalds/linux/commit/9cc02ede696272c5271a401e4f27c262359bc2f6
Common Vulnerability Exposure (CVE) ID: CVE-2022-26365
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP/
https://xenbits.xenproject.org/xsa/advisory-403.txt
http://www.openwall.com/lists/oss-security/2022/07/05/6
Common Vulnerability Exposure (CVE) ID: CVE-2022-26373
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-3176
Debian Security Information: DSA-5257 (Google Search)
https://www.debian.org/security/2022/dsa-5257
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?h=linux-5.4.y&id=fc78b2fc21f10c4c9c4d5d659a685710ffa63659
https://kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-33740
Common Vulnerability Exposure (CVE) ID: CVE-2022-33741
Common Vulnerability Exposure (CVE) ID: CVE-2022-33742
Common Vulnerability Exposure (CVE) ID: CVE-2022-33744
https://xenbits.xenproject.org/xsa/advisory-406.txt
http://www.openwall.com/lists/oss-security/2022/07/05/4
Common Vulnerability Exposure (CVE) ID: CVE-2022-36879
Debian Security Information: DSA-5207 (Google Search)
https://www.debian.org/security/2022/dsa-5207
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901
https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.