USN-5416-1

Details

Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest vm could possibly use this to crash the host OS. (CVE-2022-1158)

It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516)

It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388)

It was discovered that the Microchip CAN BUS Analyzer interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28389)

It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390)

Affected Packages

Ubuntu:20.04:LTSlinux-oem-5.14

Fixed in:

5.14.0-1036.40

References

REPORThttps://ubuntu.com/security/CVE-2022-1158 REPORThttps://ubuntu.com/security/CVE-2022-1516 REPORThttps://ubuntu.com/security/CVE-2022-28388 REPORThttps://ubuntu.com/security/CVE-2022-28389 REPORThttps://ubuntu.com/security/CVE-2022-28390 ADVISORYhttps://ubuntu.com/security/notices/USN-5416-1

USN-5416-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline