USN-5465-1

Details

It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499)

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions. (CVE-2022-30594)

Affected Packages

Ubuntu:Pro:14.04:LTSlinux-aws

Fixed in:

4.4.0-1107.113

Ubuntu:Pro:14.04:LTSlinux-lts-xenial

Fixed in:

4.4.0-227.261~14.04.1

Ubuntu:Pro:16.04:LTSlinux

Fixed in:

4.4.0-227.261

Ubuntu:Pro:16.04:LTSlinux-aws

Fixed in:

4.4.0-1143.158

Ubuntu:Pro:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1108.118

References

REPORThttps://ubuntu.com/security/CVE-2022-1966 REPORThttps://ubuntu.com/security/CVE-2022-21499 REPORThttps://ubuntu.com/security/CVE-2022-30594 ADVISORYhttps://ubuntu.com/security/notices/USN-5465-1

USN-5465-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline