Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.1736
USN-5381-1: Linux kernel (OEM) vulnerabilities
22 April 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux kernel (OEM)
Publisher: Ubuntu
Operating System: Ubuntu
Resolution: Patch/Upgrade
CVE Names: CVE-2022-28356 CVE-2022-27223 CVE-2022-26966
CVE-2022-26490 CVE-2022-24958 CVE-2022-1048
CVE-2022-1016 CVE-2022-1015 CVE-2022-1011
CVE-2022-0854 CVE-2022-0494
Original Bulletin:
https://ubuntu.com/security/notices/USN-5381-1
Comment: CVSS (Max): 8.8 CVE-2022-27223 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: [NVD], Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
USN-5381-1: Linux kernel (OEM) vulnerabilities
20 April 2022
Several security issues were fixed in the Linux kernel.
Releases
o Ubuntu 20.04 LTS
Packages
o linux-oem-5.14 - Linux kernel for OEM systems
Details
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not properly validate passed user register indices. A local attacker
could use this to cause a denial of service or possibly execute arbitrary
code. ( CVE-2022-1015 )
It was discovered that the block layer subsystem in the Linux kernel did
not properly initialize memory in some situations. A privileged local
attacker could use this to expose sensitive information (kernel memory).
( CVE-2022-0494 )
It was discovered that the DMA subsystem in the Linux kernel did not
properly ensure bounce buffers were completely overwritten by the DMA
device. A local attacker could use this to expose sensitive information
(kernel memory). ( CVE-2022-0854 )
Jann Horn discovered that the FUSE file system in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. ( CVE-2022-1011 )
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). ( CVE-2022-1016 )
Hu Jiahui discovered that multiple race conditions existed in the Advanced
Linux Sound Architecture (ALSA) framework, leading to use-after-free
vulnerabilities. A local attacker could use these to cause a denial of
service (system crash) or possibly execute arbitrary code. ( CVE-2022-1048 )
It was discovered that the USB Gadget file system interface in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. ( CVE-2022-24958 )
It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. ( CVE-2022-26490 )
It was discovered that the USB SR9700 ethernet device driver for the Linux
kernel did not properly validate the length of requests from the device. A
physically proximate attacker could possibly use this to expose sensitive
information (kernel memory). ( CVE-2022-26966 )
It was discovered that the Xilinx USB2 device gadget driver in the Linux
kernel did not properly validate endpoint indices from the host. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash). ( CVE-2022-27223 )
discovered that the 802.2 LLC type 2 driver in the Linux kernel did not
properly perform reference counting in some error conditions. A local
attacker could use this to cause a denial of service. ( CVE-2022-28356 )
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 20.04
o linux-image-oem-20.04c - 5.14.0.1033.30
o linux-image-oem-20.04b - 5.14.0.1033.30
o linux-image-oem-20.04d - 5.14.0.1033.30
o linux-image-oem-20.04 - 5.14.0.1033.30
o linux-image-5.14.0-1033-oem - 5.14.0-1033.36
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References
o CVE-2022-1016
o CVE-2022-26966
o CVE-2022-0854
o CVE-2022-26490
o CVE-2022-24958
o CVE-2022-1011
o CVE-2022-28356
o CVE-2022-0494
o CVE-2022-1015
o CVE-2022-1048
o CVE-2022-27223
Related notices
o USN-5383-1 : linux-modules-5.13.0-1027-oracle,
linux-oracle-5.13-headers-5.13.0-1027, linux-oracle-edge,
linux-headers-5.13.0-1025-raspi, linux-modules-5.13.0-40-lowlatency,
linux-image-5.13.0-1022-azure, linux-image-lowlatency-hwe-20.04-edge,
linux-image-generic-lpae-hwe-20.04-edge, linux-headers-5.13.0-1022-azure,
linux-image-gke, linux-image-unsigned-5.13.0-1027-oracle,
linux-image-5.13.0-1027-oracle, linux-tools-5.13.0-40-generic-lpae,
linux-headers-gke, linux-image-generic-64k, linux-tools-5.13.0-1022-aws,
linux-cloud-tools-common, linux-image-generic-64k-hwe-20.04-edge,
linux-gcp-edge, linux-image-raspi-nolpae,
linux-aws-cloud-tools-5.13.0-1022, linux-azure-edge, linux-lowlatency,
linux-cloud-tools-generic-hwe-20.04, linux-azure-5.13-tools-5.13.0-1022,
linux-headers-generic-lpae-hwe-20.04, linux-image-oracle-edge,
linux-image-unsigned-5.13.0-1022-aws, linux-crashdump, linux-gcp-5.13,
linux-raspi-tools-5.13.0-1025, linux-tools-common, linux-virtual-hwe-20.04,
linux-headers-5.13.0-1027-oracle, linux-gcp-headers-5.13.0-1024,
linux-modules-5.13.0-1021-kvm, linux-aws-5.13-tools-5.13.0-1022,
linux-tools-5.13.0-1027-oracle, linux-buildinfo-5.13.0-1027-oracle,
linux-image-unsigned-5.13.0-1022-azure, linux-headers-5.13.0-40-lowlatency,
linux-tools-oracle-edge, linux-buildinfo-5.13.0-40-lowlatency,
linux-modules-5.13.0-40-generic-lpae, linux-generic-64k,
linux-headers-5.13.0-1024-gcp, linux-hwe-5.13-cloud-tools-5.13.0-40,
linux-image-raspi, linux-tools-virtual, linux-modules-extra-aws,
linux-modules-extra-raspi, linux-image-unsigned-5.13.0-1024-gcp,
linux-headers-5.13.0-40, linux-tools-generic-64k-hwe-20.04,
linux-headers-azure-edge, linux-modules-extra-raspi-nolpae,
linux-cloud-tools-lowlatency, linux-tools-5.13.0-40, linux-tools-aws-edge,
linux-tools-lowlatency-hwe-20.04-edge, linux-azure-5.13,
linux-cloud-tools-generic-hwe-20.04-edge, linux-headers-oem-20.04,
linux-headers-raspi-nolpae, linux-headers-raspi,
linux-cloud-tools-5.13.0-40-generic, linux-kvm,
linux-modules-extra-5.13.0-40-generic, linux-virtual-hwe-20.04-edge,
linux-image-generic-64k-hwe-20.04, linux-gke, linux-virtual,
linux-cloud-tools-lowlatency-hwe-20.04, linux-tools-generic-hwe-20.04,
linux-tools-lowlatency, linux-headers-kvm, linux-headers-virtual,
linux-image-generic-hwe-20.04-edge, linux-image-gcp,
linux-tools-virtual-hwe-20.04-edge, linux-image-kvm,
linux-tools-5.13.0-40-generic, linux-azure-tools-5.13.0-1022,
linux-headers-lowlatency-hwe-20.04-edge, linux-cloud-tools-virtual,
linux-buildinfo-5.13.0-1022-azure, linux-headers-generic-64k-hwe-20.04,
linux-image-generic-lpae, linux-lowlatency-hwe-20.04-edge,
linux-image-5.13.0-1021-kvm, linux-modules-5.13.0-1025-raspi-nolpae,
linux-modules-extra-azure-edge, linux-tools-generic-64k-hwe-20.04-edge,
linux-tools-gke, linux-source, linux-modules-extra-5.13.0-1027-oracle,
linux-headers-lowlatency-hwe-20.04, linux-image-aws,
linux-modules-extra-5.13.0-1022-aws, linux-headers-generic-hwe-20.04-edge,
linux-headers-generic-64k-hwe-20.04-edge, linux-generic,
linux-image-unsigned-5.13.0-40-lowlatency, linux-tools-gcp, linux-hwe-5.13,
linux-tools-oracle, linux-modules-5.13.0-1025-raspi,
linux-gcp-tools-5.13.0-1024, linux-buildinfo-5.13.0-40-generic-lpae,
linux-tools-5.13.0-1025-raspi, linux-kvm-headers-5.13.0-1021,
linux-image-oracle, linux-headers-aws-edge,
linux-tools-5.13.0-40-lowlatency, linux-headers-oracle-edge,
linux-image-generic-hwe-20.04, linux-image-generic-lpae-hwe-20.04,
linux-hwe-5.13-tools-5.13.0-40, linux-image-5.13.0-40-lowlatency,
linux-doc, linux-aws-5.13-cloud-tools-5.13.0-1022, linux-tools-azure,
linux-tools-generic-hwe-20.04-edge, linux-image-extra-virtual-hwe-20.04,
linux-tools-lowlatency-hwe-20.04, linux-cloud-tools-5.13.0-40,
linux-generic-hwe-20.04, linux-image-5.13.0-1022-aws, linux-image-azure,
linux-modules-extra-5.13.0-1022-azure, linux-azure, linux-tools-kvm,
linux-aws-5.13, linux-cloud-tools-5.13.0-1022-azure,
linux-azure-headers-5.13.0-1022, linux-headers-generic-lpae-hwe-20.04-edge,
linux-aws-5.13-headers-5.13.0-1022, linux-hwe-5.13-source-5.13.0,
linux-image-virtual-hwe-20.04, linux-modules-5.13.0-1022-azure,
linux-raspi, linux-buildinfo-5.13.0-1021-kvm,
linux-tools-generic-lpae-hwe-20.04, linux-buildinfo-5.13.0-1022-aws,
linux-image-unsigned-5.13.0-40-generic,
linux-image-unsigned-5.13.0-40-generic-64k,
linux-buildinfo-5.13.0-1025-raspi-nolpae, linux-image-extra-virtual,
linux-headers-virtual-hwe-20.04, linux-gcp-5.13-tools-5.13.0-1024,
linux-headers-5.13.0-40-generic-lpae,
linux-image-extra-virtual-hwe-20.04-edge,
linux-gcp-5.13-headers-5.13.0-1024, linux-buildinfo-5.13.0-1025-raspi,
linux-tools-host, linux-image-aws-edge, linux-oem-20.04,
linux-image-5.13.0-40-generic, linux-cloud-tools-virtual-hwe-20.04,
linux-headers-5.13.0-40-generic-64k, linux-modules-5.13.0-40-generic,
linux-hwe-5.13-tools-host, linux-modules-extra-5.13.0-1024-gcp,
linux-tools-virtual-hwe-20.04, linux-tools-5.13.0-1022-azure,
linux-headers-5.13.0-1022-aws, linux-aws-tools-5.13.0-1022,
linux-tools-generic-lpae, linux-headers-generic,
linux-image-lowlatency-hwe-20.04, linux-tools-raspi, linux-tools-generic,
linux-oracle-tools-5.13.0-1027, linux-modules-extra-5.13.0-1025-raspi,
linux-cloud-tools-virtual-hwe-20.04-edge,
linux-image-5.13.0-1025-raspi-nolpae, linux-headers-azure,
linux-cloud-tools-azure, linux-cloud-tools-azure-edge, linux-gcp,
linux-headers-gcp-edge, linux-aws-edge, linux-headers-5.13.0-40-generic,
linux-image-virtual-hwe-20.04-edge, linux-headers-generic-64k,
linux-tools-raspi-nolpae, linux-oracle-headers-5.13.0-1027,
linux-raspi-nolpae, linux-tools-generic-64k,
linux-tools-generic-lpae-hwe-20.04-edge,
linux-modules-5.13.0-40-generic-64k, linux-image-generic,
linux-generic-lpae-hwe-20.04, linux-hwe-5.13-tools-common,
linux-headers-virtual-hwe-20.04-edge, linux-generic-lpae,
linux-headers-oracle, linux-hwe-5.13-headers-5.13.0-40,
linux-buildinfo-5.13.0-1024-gcp, linux-headers-5.13.0-1021-kvm,
linux-aws-headers-5.13.0-1022, linux-headers-gcp, linux-image-lowlatency,
linux-image-5.13.0-1024-gcp, linux-modules-extra-gcp-edge,
linux-modules-extra-aws-edge, linux-tools-5.13.0-1025-raspi-nolpae,
linux-tools-gcp-edge, linux-azure-cloud-tools-5.13.0-1022,
linux-generic-64k-hwe-20.04-edge, linux-generic-hwe-20.04-edge,
linux-generic-lpae-hwe-20.04-edge, linux-modules-extra-gcp,
linux-modules-extra-5.13.0-1025-raspi-nolpae, linux-tools-oem-20.04, linux,
linux-headers-generic-hwe-20.04, linux-kvm-tools-5.13.0-1021,
linux-headers-lowlatency, linux-cloud-tools-5.13.0-1022-aws,
linux-buildinfo-5.13.0-40-generic-64k, linux-cloud-tools-generic,
linux-azure-5.13-cloud-tools-5.13.0-1022,
linux-image-5.13.0-40-generic-lpae, linux-cloud-tools-5.13.0-40-lowlatency,
linux-headers-generic-lpae, linux-generic-64k-hwe-20.04,
linux-lowlatency-hwe-20.04, linux-raspi-headers-5.13.0-1025,
linux-azure-5.13-headers-5.13.0-1022, linux-tools-azure-edge,
linux-image-5.13.0-1025-raspi, linux-buildinfo-5.13.0-40-generic,
linux-cloud-tools-lowlatency-hwe-20.04-edge, linux-source-5.13.0,
linux-modules-5.13.0-1024-gcp, linux-libc-dev, linux-tools-5.13.0-1024-gcp,
linux-tools-aws, linux-oracle, linux-oracle-5.13,
linux-modules-5.13.0-1022-aws, linux-modules-extra-gke,
linux-image-azure-edge, linux-headers-aws,
linux-image-5.13.0-40-generic-64k, linux-image-oem-20.04,
linux-image-unsigned-5.13.0-1021-kvm, linux-aws,
linux-tools-5.13.0-40-generic-64k, linux-oracle-5.13-tools-5.13.0-1027,
linux-image-virtual, linux-modules-extra-azure, linux-image-gcp-edge,
linux-headers-5.13.0-1025-raspi-nolpae, linux-tools-5.13.0-1021-kvm,
linux-hwe-5.13-cloud-tools-common
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYmHrFeNLKJtyKPYoAQi2Qg/+IqKd/D9Wl+Etbq6+JVzVYLs5tHEz62B0
KQrZwXb0RECk+ATyNdQhmGiM+iA1rodDaOuAHYYxdbHM911vHkrSDXWFQEswyWgT
YTWcxZn1sLrhafmGJF8gDel2jz+W7LCFzAsfbfZbeAn6rqbdthLkihxEKXAnuL7a
9j5C9qszv9omfrDjcvD6dHcQaG9zjWCGrbkffddqzA4rr4BSwmnFZakBtYRn8aeN
6BUHGQGytYRfF/jYPOjUhkTpd6lOAGx/JybrB6DwOzkni7/sJTqhuHa+D4pp3zTn
dBx2nGQKBcIIcVKk4Q9DIQeMtIsyIPpVhUSELfWh10rubwkdoGdu5NClivbCaxHv
33JD08JtxggC7QorByYhnATCU9n7bIT6fkiuFCzpQfHEqPPUNdNaLmQuN+WqCH7t
JxB0k3yHAwu5fTza3rJwvGWyc8ektDl9E8PCcyKwagUGNpn0iwuD6OkCi3eD/rAP
NA2JO49jZaDRqOGTmKfM6yHrhNHjC0siVfBl5wiZ22zZq23Omlun9r3P2Kr+nBWY
5oRuYAOkcjvFfoszKEGkTNxmjU+UlsRarEjREWkUbj4bek5tZjg2Uht9oD03L7qr
jKX86h64SpCP1h264SD1VlZI0wZBz4tUhpLco/BNjOtbh9jan2+s+YQcZt5Y0N9B
7QGB5aWAjkY=
=b+hE
-----END PGP SIGNATURE-----