USN-5802-1

Details

It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945)

Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896)

It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643)

It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934)

Affected Packages

Ubuntu:Pro:14.04:LTSlinux-aws

Fixed in:

4.4.0-1115.121

Ubuntu:Pro:14.04:LTSlinux-lts-xenial

Fixed in:

4.4.0-236.270~14.04.1

Ubuntu:Pro:16.04:LTSlinux

Fixed in:

4.4.0-236.270

Ubuntu:Pro:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1116.126

References

REPORThttps://ubuntu.com/security/CVE-2022-3643 REPORThttps://ubuntu.com/security/CVE-2022-42896 REPORThttps://ubuntu.com/security/CVE-2022-43945 REPORThttps://ubuntu.com/security/CVE-2022-45934 ADVISORYhttps://ubuntu.com/security/notices/USN-5802-1

USN-5802-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline