USN-5317-1

Details

Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-25636)

Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. (CVE-2022-23960)

Max Kellermann discovered that the Linux kernel incorrectly handled Unix pipes. A local attacker could potentially use this to modify any file that could be opened for reading. (CVE-2022-0847)

Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. (CVE-2022-0001, CVE-2022-0002)

Affected Packages

Ubuntu:20.04:LTSlinux-aws-5.13

Fixed in:

5.13.0-1017.19~20.04.1

Ubuntu:20.04:LTSlinux-azure-5.13

Fixed in:

5.13.0-1017.19~20.04.1

Ubuntu:20.04:LTSlinux-gcp-5.13

Fixed in:

5.13.0-1019.23~20.04.1

Ubuntu:20.04:LTSlinux-hwe-5.13

Fixed in:

5.13.0-35.40~20.04.1

Ubuntu:20.04:LTSlinux-oem-5.14

Fixed in:

5.14.0-1027.30

Ubuntu:20.04:LTSlinux-oracle-5.13

Fixed in:

5.13.0-1021.26~20.04.1

References

REPORThttps://ubuntu.com/security/CVE-2022-0001 REPORThttps://ubuntu.com/security/CVE-2022-0002 REPORThttps://ubuntu.com/security/CVE-2022-0847 REPORThttps://ubuntu.com/security/CVE-2022-23960 REPORThttps://ubuntu.com/security/CVE-2022-25636 ADVISORYhttps://ubuntu.com/security/notices/USN-5317-1

USN-5317-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline