USN-5358-1

Details

It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1055)

It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-27666)

Affected Packages

Ubuntu:18.04:LTSlinux-hwe-5.4

Fixed in:

5.4.0-107.121~18.04.1

Ubuntu:18.04:LTSlinux-oracle-5.4

Fixed in:

5.4.0-1069.75~18.04.1

Ubuntu:20.04:LTSlinux

Fixed in:

5.4.0-107.121

Ubuntu:20.04:LTSlinux-aws

Fixed in:

5.4.0-1071.76

Ubuntu:20.04:LTSlinux-azure

Fixed in:

5.4.0-1074.77

Ubuntu:20.04:LTSlinux-hwe-5.13

Fixed in:

5.13.0-39.44~20.04.1

Ubuntu:20.04:LTSlinux-kvm

Fixed in:

5.4.0-1061.64

Ubuntu:20.04:LTSlinux-oracle

Fixed in:

5.4.0-1069.75

References

REPORThttps://ubuntu.com/security/CVE-2022-1055 REPORThttps://ubuntu.com/security/CVE-2022-27666 ADVISORYhttps://ubuntu.com/security/notices/USN-5358-1

USN-5358-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline