Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.1736 USN-5381-1: Linux kernel (OEM) vulnerabilities 22 April 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux kernel (OEM) Publisher: Ubuntu Operating System: Ubuntu Resolution: Patch/Upgrade CVE Names: CVE-2022-28356 CVE-2022-27223 CVE-2022-26966 CVE-2022-26490 CVE-2022-24958 CVE-2022-1048 CVE-2022-1016 CVE-2022-1015 CVE-2022-1011 CVE-2022-0854 CVE-2022-0494 Original Bulletin: https://ubuntu.com/security/notices/USN-5381-1 Comment: CVSS (Max): 8.8 CVE-2022-27223 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: [NVD], Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- USN-5381-1: Linux kernel (OEM) vulnerabilities 20 April 2022 Several security issues were fixed in the Linux kernel. Releases o Ubuntu 20.04 LTS Packages o linux-oem-5.14 - Linux kernel for OEM systems Details David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. ( CVE-2022-1015 ) It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). ( CVE-2022-0494 ) It was discovered that the DMA subsystem in the Linux kernel did not properly ensure bounce buffers were completely overwritten by the DMA device. A local attacker could use this to expose sensitive information (kernel memory). ( CVE-2022-0854 ) Jann Horn discovered that the FUSE file system in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. ( CVE-2022-1011 ) David Bouman discovered that the netfilter subsystem in the Linux kernel did not initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). ( CVE-2022-1016 ) Hu Jiahui discovered that multiple race conditions existed in the Advanced Linux Sound Architecture (ALSA) framework, leading to use-after-free vulnerabilities. A local attacker could use these to cause a denial of service (system crash) or possibly execute arbitrary code. ( CVE-2022-1048 ) It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. ( CVE-2022-24958 ) It was discovered that the ST21NFCA NFC driver in the Linux kernel did not properly validate the size of certain data in EVT_TRANSACTION events. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. ( CVE-2022-26490 ) It was discovered that the USB SR9700 ethernet device driver for the Linux kernel did not properly validate the length of requests from the device. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). ( CVE-2022-26966 ) It was discovered that the Xilinx USB2 device gadget driver in the Linux kernel did not properly validate endpoint indices from the host. A physically proximate attacker could possibly use this to cause a denial of service (system crash). ( CVE-2022-27223 ) discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. ( CVE-2022-28356 ) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 o linux-image-oem-20.04c - 5.14.0.1033.30 o linux-image-oem-20.04b - 5.14.0.1033.30 o linux-image-oem-20.04d - 5.14.0.1033.30 o linux-image-oem-20.04 - 5.14.0.1033.30 o linux-image-5.14.0-1033-oem - 5.14.0-1033.36 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References o CVE-2022-1016 o CVE-2022-26966 o CVE-2022-0854 o CVE-2022-26490 o CVE-2022-24958 o CVE-2022-1011 o CVE-2022-28356 o CVE-2022-0494 o CVE-2022-1015 o CVE-2022-1048 o CVE-2022-27223 Related notices o USN-5383-1 : linux-modules-5.13.0-1027-oracle, linux-oracle-5.13-headers-5.13.0-1027, linux-oracle-edge, linux-headers-5.13.0-1025-raspi, linux-modules-5.13.0-40-lowlatency, linux-image-5.13.0-1022-azure, linux-image-lowlatency-hwe-20.04-edge, linux-image-generic-lpae-hwe-20.04-edge, linux-headers-5.13.0-1022-azure, linux-image-gke, linux-image-unsigned-5.13.0-1027-oracle, linux-image-5.13.0-1027-oracle, linux-tools-5.13.0-40-generic-lpae, linux-headers-gke, linux-image-generic-64k, linux-tools-5.13.0-1022-aws, linux-cloud-tools-common, linux-image-generic-64k-hwe-20.04-edge, linux-gcp-edge, linux-image-raspi-nolpae, linux-aws-cloud-tools-5.13.0-1022, linux-azure-edge, linux-lowlatency, linux-cloud-tools-generic-hwe-20.04, linux-azure-5.13-tools-5.13.0-1022, linux-headers-generic-lpae-hwe-20.04, linux-image-oracle-edge, linux-image-unsigned-5.13.0-1022-aws, linux-crashdump, linux-gcp-5.13, linux-raspi-tools-5.13.0-1025, linux-tools-common, linux-virtual-hwe-20.04, linux-headers-5.13.0-1027-oracle, linux-gcp-headers-5.13.0-1024, linux-modules-5.13.0-1021-kvm, linux-aws-5.13-tools-5.13.0-1022, linux-tools-5.13.0-1027-oracle, linux-buildinfo-5.13.0-1027-oracle, linux-image-unsigned-5.13.0-1022-azure, linux-headers-5.13.0-40-lowlatency, linux-tools-oracle-edge, linux-buildinfo-5.13.0-40-lowlatency, linux-modules-5.13.0-40-generic-lpae, linux-generic-64k, linux-headers-5.13.0-1024-gcp, linux-hwe-5.13-cloud-tools-5.13.0-40, linux-image-raspi, linux-tools-virtual, linux-modules-extra-aws, linux-modules-extra-raspi, linux-image-unsigned-5.13.0-1024-gcp, linux-headers-5.13.0-40, linux-tools-generic-64k-hwe-20.04, linux-headers-azure-edge, linux-modules-extra-raspi-nolpae, linux-cloud-tools-lowlatency, linux-tools-5.13.0-40, linux-tools-aws-edge, linux-tools-lowlatency-hwe-20.04-edge, linux-azure-5.13, linux-cloud-tools-generic-hwe-20.04-edge, linux-headers-oem-20.04, linux-headers-raspi-nolpae, linux-headers-raspi, linux-cloud-tools-5.13.0-40-generic, linux-kvm, linux-modules-extra-5.13.0-40-generic, linux-virtual-hwe-20.04-edge, linux-image-generic-64k-hwe-20.04, linux-gke, linux-virtual, linux-cloud-tools-lowlatency-hwe-20.04, linux-tools-generic-hwe-20.04, linux-tools-lowlatency, linux-headers-kvm, linux-headers-virtual, linux-image-generic-hwe-20.04-edge, linux-image-gcp, linux-tools-virtual-hwe-20.04-edge, linux-image-kvm, linux-tools-5.13.0-40-generic, linux-azure-tools-5.13.0-1022, linux-headers-lowlatency-hwe-20.04-edge, linux-cloud-tools-virtual, linux-buildinfo-5.13.0-1022-azure, linux-headers-generic-64k-hwe-20.04, linux-image-generic-lpae, linux-lowlatency-hwe-20.04-edge, linux-image-5.13.0-1021-kvm, linux-modules-5.13.0-1025-raspi-nolpae, linux-modules-extra-azure-edge, linux-tools-generic-64k-hwe-20.04-edge, linux-tools-gke, linux-source, linux-modules-extra-5.13.0-1027-oracle, linux-headers-lowlatency-hwe-20.04, linux-image-aws, linux-modules-extra-5.13.0-1022-aws, linux-headers-generic-hwe-20.04-edge, linux-headers-generic-64k-hwe-20.04-edge, linux-generic, linux-image-unsigned-5.13.0-40-lowlatency, linux-tools-gcp, linux-hwe-5.13, linux-tools-oracle, linux-modules-5.13.0-1025-raspi, linux-gcp-tools-5.13.0-1024, linux-buildinfo-5.13.0-40-generic-lpae, linux-tools-5.13.0-1025-raspi, linux-kvm-headers-5.13.0-1021, linux-image-oracle, linux-headers-aws-edge, linux-tools-5.13.0-40-lowlatency, linux-headers-oracle-edge, linux-image-generic-hwe-20.04, linux-image-generic-lpae-hwe-20.04, linux-hwe-5.13-tools-5.13.0-40, linux-image-5.13.0-40-lowlatency, linux-doc, linux-aws-5.13-cloud-tools-5.13.0-1022, linux-tools-azure, linux-tools-generic-hwe-20.04-edge, linux-image-extra-virtual-hwe-20.04, linux-tools-lowlatency-hwe-20.04, linux-cloud-tools-5.13.0-40, linux-generic-hwe-20.04, linux-image-5.13.0-1022-aws, linux-image-azure, linux-modules-extra-5.13.0-1022-azure, linux-azure, linux-tools-kvm, linux-aws-5.13, linux-cloud-tools-5.13.0-1022-azure, linux-azure-headers-5.13.0-1022, linux-headers-generic-lpae-hwe-20.04-edge, linux-aws-5.13-headers-5.13.0-1022, linux-hwe-5.13-source-5.13.0, linux-image-virtual-hwe-20.04, linux-modules-5.13.0-1022-azure, linux-raspi, linux-buildinfo-5.13.0-1021-kvm, linux-tools-generic-lpae-hwe-20.04, linux-buildinfo-5.13.0-1022-aws, linux-image-unsigned-5.13.0-40-generic, linux-image-unsigned-5.13.0-40-generic-64k, linux-buildinfo-5.13.0-1025-raspi-nolpae, linux-image-extra-virtual, linux-headers-virtual-hwe-20.04, linux-gcp-5.13-tools-5.13.0-1024, linux-headers-5.13.0-40-generic-lpae, linux-image-extra-virtual-hwe-20.04-edge, linux-gcp-5.13-headers-5.13.0-1024, linux-buildinfo-5.13.0-1025-raspi, linux-tools-host, linux-image-aws-edge, linux-oem-20.04, linux-image-5.13.0-40-generic, linux-cloud-tools-virtual-hwe-20.04, linux-headers-5.13.0-40-generic-64k, linux-modules-5.13.0-40-generic, linux-hwe-5.13-tools-host, linux-modules-extra-5.13.0-1024-gcp, linux-tools-virtual-hwe-20.04, linux-tools-5.13.0-1022-azure, linux-headers-5.13.0-1022-aws, linux-aws-tools-5.13.0-1022, linux-tools-generic-lpae, linux-headers-generic, linux-image-lowlatency-hwe-20.04, linux-tools-raspi, linux-tools-generic, linux-oracle-tools-5.13.0-1027, linux-modules-extra-5.13.0-1025-raspi, linux-cloud-tools-virtual-hwe-20.04-edge, linux-image-5.13.0-1025-raspi-nolpae, linux-headers-azure, linux-cloud-tools-azure, linux-cloud-tools-azure-edge, linux-gcp, linux-headers-gcp-edge, linux-aws-edge, linux-headers-5.13.0-40-generic, linux-image-virtual-hwe-20.04-edge, linux-headers-generic-64k, linux-tools-raspi-nolpae, linux-oracle-headers-5.13.0-1027, linux-raspi-nolpae, linux-tools-generic-64k, linux-tools-generic-lpae-hwe-20.04-edge, linux-modules-5.13.0-40-generic-64k, linux-image-generic, linux-generic-lpae-hwe-20.04, linux-hwe-5.13-tools-common, linux-headers-virtual-hwe-20.04-edge, linux-generic-lpae, linux-headers-oracle, linux-hwe-5.13-headers-5.13.0-40, linux-buildinfo-5.13.0-1024-gcp, linux-headers-5.13.0-1021-kvm, linux-aws-headers-5.13.0-1022, linux-headers-gcp, linux-image-lowlatency, linux-image-5.13.0-1024-gcp, linux-modules-extra-gcp-edge, linux-modules-extra-aws-edge, linux-tools-5.13.0-1025-raspi-nolpae, linux-tools-gcp-edge, linux-azure-cloud-tools-5.13.0-1022, linux-generic-64k-hwe-20.04-edge, linux-generic-hwe-20.04-edge, linux-generic-lpae-hwe-20.04-edge, linux-modules-extra-gcp, linux-modules-extra-5.13.0-1025-raspi-nolpae, linux-tools-oem-20.04, linux, linux-headers-generic-hwe-20.04, linux-kvm-tools-5.13.0-1021, linux-headers-lowlatency, linux-cloud-tools-5.13.0-1022-aws, linux-buildinfo-5.13.0-40-generic-64k, linux-cloud-tools-generic, linux-azure-5.13-cloud-tools-5.13.0-1022, linux-image-5.13.0-40-generic-lpae, linux-cloud-tools-5.13.0-40-lowlatency, linux-headers-generic-lpae, linux-generic-64k-hwe-20.04, linux-lowlatency-hwe-20.04, linux-raspi-headers-5.13.0-1025, linux-azure-5.13-headers-5.13.0-1022, linux-tools-azure-edge, linux-image-5.13.0-1025-raspi, linux-buildinfo-5.13.0-40-generic, linux-cloud-tools-lowlatency-hwe-20.04-edge, linux-source-5.13.0, linux-modules-5.13.0-1024-gcp, linux-libc-dev, linux-tools-5.13.0-1024-gcp, linux-tools-aws, linux-oracle, linux-oracle-5.13, linux-modules-5.13.0-1022-aws, linux-modules-extra-gke, linux-image-azure-edge, linux-headers-aws, linux-image-5.13.0-40-generic-64k, linux-image-oem-20.04, linux-image-unsigned-5.13.0-1021-kvm, linux-aws, linux-tools-5.13.0-40-generic-64k, linux-oracle-5.13-tools-5.13.0-1027, linux-image-virtual, linux-modules-extra-azure, linux-image-gcp-edge, linux-headers-5.13.0-1025-raspi-nolpae, linux-tools-5.13.0-1021-kvm, linux-hwe-5.13-cloud-tools-common - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYmHrFeNLKJtyKPYoAQi2Qg/+IqKd/D9Wl+Etbq6+JVzVYLs5tHEz62B0 KQrZwXb0RECk+ATyNdQhmGiM+iA1rodDaOuAHYYxdbHM911vHkrSDXWFQEswyWgT YTWcxZn1sLrhafmGJF8gDel2jz+W7LCFzAsfbfZbeAn6rqbdthLkihxEKXAnuL7a 9j5C9qszv9omfrDjcvD6dHcQaG9zjWCGrbkffddqzA4rr4BSwmnFZakBtYRn8aeN 6BUHGQGytYRfF/jYPOjUhkTpd6lOAGx/JybrB6DwOzkni7/sJTqhuHa+D4pp3zTn dBx2nGQKBcIIcVKk4Q9DIQeMtIsyIPpVhUSELfWh10rubwkdoGdu5NClivbCaxHv 33JD08JtxggC7QorByYhnATCU9n7bIT6fkiuFCzpQfHEqPPUNdNaLmQuN+WqCH7t JxB0k3yHAwu5fTza3rJwvGWyc8ektDl9E8PCcyKwagUGNpn0iwuD6OkCi3eD/rAP NA2JO49jZaDRqOGTmKfM6yHrhNHjC0siVfBl5wiZ22zZq23Omlun9r3P2Kr+nBWY 5oRuYAOkcjvFfoszKEGkTNxmjU+UlsRarEjREWkUbj4bek5tZjg2Uht9oD03L7qr jKX86h64SpCP1h264SD1VlZI0wZBz4tUhpLco/BNjOtbh9jan2+s+YQcZt5Y0N9B 7QGB5aWAjkY= =b+hE -----END PGP SIGNATURE-----