 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.12.2023.5792.2 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-5792-2) |
| Summary: | The remote host is missing an update for the 'linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde' package(s) announced via the USN-5792-2 advisory. |
| Description: | Summary: The remote host is missing an update for the 'linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde' package(s) announced via the USN-5792-2 advisory. Vulnerability Insight: Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization (SEV). A local attacker could possibly use this to cause a denial of service (host system crash). (CVE-2022-0171) It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303) Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842) It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-40307) Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde' package(s) on Ubuntu 20.04, Ubuntu 22.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-0171 Debian Security Information: DSA-5257 (Google Search) https://www.debian.org/security/2022/dsa-5257 https://access.redhat.com/security/cve/CVE-2022-0171 https://bugzilla.redhat.com/show_bug.cgi?id=2038940 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html Common Vulnerability Exposure (CVE) ID: CVE-2022-20421 https://source.android.com/security/bulletin/2022-10-01 Common Vulnerability Exposure (CVE) ID: CVE-2022-2663 DSA-5257 [debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663 https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/ https://www.openwall.com/lists/oss-security/2022/08/30/1 https://www.youtube.com/watch?v=WIq-YgQuYCA Common Vulnerability Exposure (CVE) ID: CVE-2022-3061 https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit/?id=15cf0b82271b1823fb02ab8c377badba614d95d5 Common Vulnerability Exposure (CVE) ID: CVE-2022-3303 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA@mail.gmail.com/ Common Vulnerability Exposure (CVE) ID: CVE-2022-3586 https://github.com/torvalds/linux/commit/9efd23297cca https://www.zerodayinitiative.com/advisories/upcoming/ Common Vulnerability Exposure (CVE) ID: CVE-2022-3646 https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d51a97063db4704a5ef6bc978dddab1636a306 https://vuldb.com/?id.211961 https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html Common Vulnerability Exposure (CVE) ID: CVE-2022-3649 https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d325dc6eb763c10f591c239550b8c7e5466a5d09 https://vuldb.com/?id.211992 Common Vulnerability Exposure (CVE) ID: CVE-2022-39188 https://bugs.chromium.org/p/project-zero/issues/detail?id=2329 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b67fbebd4cf980aecbcc750e1462128bffe8ae15 https://github.com/torvalds/linux/commit/b67fbebd4cf980aecbcc750e1462128bffe8ae15 https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iqEApujD5VtM3Re-tCKLDEFdEdbg@mail.gmail.com/ Common Vulnerability Exposure (CVE) ID: CVE-2022-39842 https://github.com/torvalds/linux/commit/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 https://lore.kernel.org/all/YylaC1wHHyLw22D3@kadam/T/ Common Vulnerability Exposure (CVE) ID: CVE-2022-40307 https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 Common Vulnerability Exposure (CVE) ID: CVE-2022-4095 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c53b3dcb9942b8ed7f81ee3921c4085d87070c73 Common Vulnerability Exposure (CVE) ID: CVE-2022-43750 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.15 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a659daf63d16aa883be42f3f34ff84235c302198 https://github.com/torvalds/linux/commit/a659daf63d16aa883be42f3f34ff84235c302198 |
| Copyright | Copyright (C) 2023 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |