English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.12.2022.5687.1
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-5687-1)
Summary:The remote host is missing an update for the 'linux-azure-4.15' package(s) announced via the USN-5687-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-azure-4.15' package(s) announced via the USN-5687-1 advisory.

Vulnerability Insight:
It was discovered that the SUNRPC RDMA protocol implementation in the Linux
kernel did not properly calculate the header size of a RPC message payload.
A local attacker could use this to expose sensitive information (kernel
memory). (CVE-2022-0812)

Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation
in the Linux kernel did not provide sufficient randomization when
calculating port offsets. An attacker could possibly use this to expose
sensitive information. (CVE-2022-1012, CVE-2022-32296)

Duoming Zhou discovered that race conditions existed in the timer handling
implementation of the Linux kernel's Rose X.25 protocol layer, resulting in
use-after-free vulnerabilities. A local attacker could use this to cause a
denial of service (system crash). (CVE-2022-2318)

Roger Pau Monne discovered that the Xen virtual block driver in the Linux
kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-26365)

Roger Pau Monne discovered that the Xen paravirtualization frontend in the
Linux kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-33740)

It was discovered that the Xen paravirtualization frontend in the Linux
kernel incorrectly shared unrelated data when communicating with certain
backends. A local attacker could use this to cause a denial of service
(guest crash) or expose sensitive information (guest kernel memory).
(CVE-2022-33741, CVE-2022-33742)

Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in
the Linux kernel on ARM platforms contained a race condition in certain
situations. An attacker in a guest VM could use this to cause a denial of
service in the host OS. (CVE-2022-33744)

Affected Software/OS:
'linux-azure-4.15' package(s) on Ubuntu 18.04.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2022-0812
https://access.redhat.com/security/cve/CVE-2022-0812
https://bugzilla.redhat.com/show_bug.cgi?id=2058361
https://bugzilla.redhat.com/show_bug.cgi?id=2058955
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=912288442cb2f431bf3c8cb097a5de83bc6dbac1
https://ubuntu.com/security/CVE-2022-0812
Common Vulnerability Exposure (CVE) ID: CVE-2022-1012
https://bugzilla.redhat.com/show_bug.cgi?id=2064604
https://lore.kernel.org/lkml/20220427065233.2075-1-w@1wt.eu/T/
Common Vulnerability Exposure (CVE) ID: CVE-2022-2318
Debian Security Information: DSA-5191 (Google Search)
https://www.debian.org/security/2022/dsa-5191
https://github.com/torvalds/linux/commit/9cc02ede696272c5271a401e4f27c262359bc2f6
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-26365
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP/
https://xenbits.xenproject.org/xsa/advisory-403.txt
http://www.openwall.com/lists/oss-security/2022/07/05/6
Common Vulnerability Exposure (CVE) ID: CVE-2022-32296
Debian Security Information: DSA-5173 (Google Search)
https://www.debian.org/security/2022/dsa-5173
https://arxiv.org/abs/2209.12993
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5
https://github.com/0xkol/rfc6056-device-tracker
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-33740
Common Vulnerability Exposure (CVE) ID: CVE-2022-33741
Common Vulnerability Exposure (CVE) ID: CVE-2022-33742
Common Vulnerability Exposure (CVE) ID: CVE-2022-33744
https://xenbits.xenproject.org/xsa/advisory-406.txt
http://www.openwall.com/lists/oss-security/2022/07/05/4
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.