 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.12.2022.5669.1 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-5669-1) |
| Summary: | The remote host is missing an update for the 'linux, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon' package(s) announced via the USN-5669-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'linux, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon' package(s) announced via the USN-5669-1 advisory. Vulnerability Insight: It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0812) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monne discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monne discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) Affected Software/OS: 'linux, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon' package(s) on Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-0812 https://access.redhat.com/security/cve/CVE-2022-0812 https://bugzilla.redhat.com/show_bug.cgi?id=2058361 https://bugzilla.redhat.com/show_bug.cgi?id=2058955 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=912288442cb2f431bf3c8cb097a5de83bc6dbac1 https://ubuntu.com/security/CVE-2022-0812 Common Vulnerability Exposure (CVE) ID: CVE-2022-1012 https://bugzilla.redhat.com/show_bug.cgi?id=2064604 https://lore.kernel.org/lkml/20220427065233.2075-1-w@1wt.eu/T/ Common Vulnerability Exposure (CVE) ID: CVE-2022-2318 Debian Security Information: DSA-5191 (Google Search) https://www.debian.org/security/2022/dsa-5191 https://github.com/torvalds/linux/commit/9cc02ede696272c5271a401e4f27c262359bc2f6 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2022-26365 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP/ https://xenbits.xenproject.org/xsa/advisory-403.txt http://www.openwall.com/lists/oss-security/2022/07/05/6 Common Vulnerability Exposure (CVE) ID: CVE-2022-32296 Debian Security Information: DSA-5173 (Google Search) https://www.debian.org/security/2022/dsa-5173 https://arxiv.org/abs/2209.12993 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5 https://github.com/0xkol/rfc6056-device-tracker https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2022-33740 Common Vulnerability Exposure (CVE) ID: CVE-2022-33741 Common Vulnerability Exposure (CVE) ID: CVE-2022-33742 Common Vulnerability Exposure (CVE) ID: CVE-2022-33744 https://xenbits.xenproject.org/xsa/advisory-406.txt http://www.openwall.com/lists/oss-security/2022/07/05/4 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |