USN-5544-1

Details

It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679)

Felix Fu discovered that the Sun RPC implementation in the Linux kernel did not properly handle socket states, leading to a use-after-free vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-28893)

Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. (CVE-2022-34918)

Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652)

Affected Packages

Ubuntu:20.04:LTSlinux-hwe-5.15

Fixed in:

5.15.0-43.46~20.04.1

Ubuntu:20.04:LTSlinux-lowlatency-hwe-5.15

Fixed in:

5.15.0-43.46~20.04.1

Ubuntu:22.04:LTSlinux

Fixed in:

5.15.0-43.46

Ubuntu:22.04:LTSlinux-lowlatency

Fixed in:

5.15.0-43.46

References

REPORThttps://ubuntu.com/security/CVE-2022-1652 REPORThttps://ubuntu.com/security/CVE-2022-1679 REPORThttps://ubuntu.com/security/CVE-2022-28893 REPORThttps://ubuntu.com/security/CVE-2022-34918 ADVISORYhttps://ubuntu.com/security/notices/USN-5544-1

USN-5544-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline