USN-5557-1

Details

Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2588)

It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2586)

Affected Packages

Ubuntu:Pro:14.04:LTSlinux-aws

Fixed in:

4.4.0-1111.117

Ubuntu:Pro:14.04:LTSlinux-lts-xenial

Fixed in:

4.4.0-231.265~14.04.1

Ubuntu:Pro:16.04:LTSlinux

Fixed in:

4.4.0-231.265

Ubuntu:Pro:16.04:LTSlinux-aws

Fixed in:

4.4.0-1147.162

Ubuntu:Pro:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1112.122

References

REPORThttps://ubuntu.com/security/CVE-2022-2586 REPORThttps://ubuntu.com/security/CVE-2022-2588 ADVISORYhttps://ubuntu.com/security/notices/USN-5557-1

USN-5557-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline