 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.12.2023.5854.1 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-5854-1) |
| Summary: | The remote host is missing an update for the 'linux, linux-aws, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2' package(s) announced via the USN-5854-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'linux, linux-aws, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2' package(s) announced via the USN-5854-1 advisory. Vulnerability Insight: It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 processors, the branch predictor could by mis-trained for return instructions in certain circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29900) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'linux, linux-aws, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2' package(s) on Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-20369 https://source.android.com/security/bulletin/pixel/2022-08-01 https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html Common Vulnerability Exposure (CVE) ID: CVE-2022-26373 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2022-2663 DSA-5257 https://www.debian.org/security/2022/dsa-5257 [debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663 https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/ https://www.openwall.com/lists/oss-security/2022/08/30/1 https://www.youtube.com/watch?v=WIq-YgQuYCA Common Vulnerability Exposure (CVE) ID: CVE-2022-29900 Debian Security Information: DSA-5207 (Google Search) https://www.debian.org/security/2022/dsa-5207 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/ https://security.gentoo.org/glsa/202402-07 https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/ https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 Common Vulnerability Exposure (CVE) ID: CVE-2022-29901 https://comsec.ethz.ch/retbleed https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/ http://www.openwall.com/lists/oss-security/2022/07/12/4 http://www.openwall.com/lists/oss-security/2022/07/12/5 http://www.openwall.com/lists/oss-security/2022/07/12/2 http://www.openwall.com/lists/oss-security/2022/07/13/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-3646 https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d51a97063db4704a5ef6bc978dddab1636a306 https://vuldb.com/?id.211961 Common Vulnerability Exposure (CVE) ID: CVE-2022-3649 https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d325dc6eb763c10f591c239550b8c7e5466a5d09 https://vuldb.com/?id.211992 Common Vulnerability Exposure (CVE) ID: CVE-2022-39842 Debian Security Information: DSA-5257 (Google Search) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19 https://github.com/torvalds/linux/commit/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 https://lore.kernel.org/all/YylaC1wHHyLw22D3@kadam/T/ Common Vulnerability Exposure (CVE) ID: CVE-2022-41849 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5610bcfe8693c02e2e4c8b31427f1bdbdecc839c https://lore.kernel.org/all/20220925133243.GA383897@ubuntu/T/ https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html Common Vulnerability Exposure (CVE) ID: CVE-2022-41850 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cacdb14b1c8d3804a3a7d31773bc7569837b71a4 https://lore.kernel.org/all/20220904193115.GA28134@ubuntu/t/#u Common Vulnerability Exposure (CVE) ID: CVE-2022-43750 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.15 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a659daf63d16aa883be42f3f34ff84235c302198 https://github.com/torvalds/linux/commit/a659daf63d16aa883be42f3f34ff84235c302198 |
| Copyright | Copyright (C) 2023 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |