USN-5466-1: Linux kernel vulnerabilities

Releases

• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 14.04 ESM

Packages

• linux - Linux kernel
• linux-aws - Linux kernel for Amazon Web Services (AWS) systems
• linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems
• linux-azure - Linux kernel for Microsoft Azure Cloud systems
• linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems
• linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
• linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems
• linux-hwe - Linux hardware enablement (HWE) kernel
• linux-kvm - Linux kernel for cloud environments
• linux-oracle - Linux kernel for Oracle Cloud systems
• linux-raspi2 - Linux kernel for Raspberry Pi systems
• linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors

Details

It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1966)

It was discovered that the SCTP protocol implementation in the Linux kernel
did not properly verify VTAGs in some situations. A remote attacker could
possibly use this to cause a denial of service (connection disassociation).
(CVE-2021-3772)

It was discovered that the btrfs file system implementation in the Linux
kernel did not properly handle locking in certain error conditions. A local
attacker could use this to cause a denial of service (kernel deadlock).
(CVE-2021-4149)

David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-1016)

It was discovered that the virtual graphics memory manager implementation
in the Linux kernel was subject to a race condition, potentially leading to
an information leak. (CVE-2022-1419)

赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not
properly perform reference counting in some error conditions. A local
attacker could use this to cause a denial of service. (CVE-2022-28356)

It was discovered that the EMS CAN/USB interface implementation in the
Linux kernel contained a double-free vulnerability when handling certain
error conditions. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-28390)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04

• linux-image-4.15.0-1133-aws - 4.15.0-1133.143
• linux-image-4.15.0-1119-kvm - 4.15.0-1119.123
• linux-image-virtual - 4.15.0.184.172
• linux-image-4.15.0-184-generic-lpae - 4.15.0-184.194
• linux-image-aws-lts-18.04 - 4.15.0.1133.135
• linux-image-generic - 4.15.0.184.172
• linux-image-oracle-lts-18.04 - 4.15.0.1098.107
• linux-image-snapdragon - 4.15.0.1132.133
• linux-image-4.15.0-1142-azure - 4.15.0-1142.156
• linux-image-4.15.0-1127-gcp - 4.15.0-1127.142
• linux-image-raspi2 - 4.15.0.1114.111
• linux-image-azure-lts-18.04 - 4.15.0.1142.114
• linux-image-generic-lpae - 4.15.0.184.172
• linux-image-gcp-lts-18.04 - 4.15.0.1127.145
• linux-image-4.15.0-1132-snapdragon - 4.15.0-1132.142
• linux-image-4.15.0-1098-oracle - 4.15.0-1098.108
• linux-image-4.15.0-1114-raspi2 - 4.15.0-1114.122
• linux-image-kvm - 4.15.0.1119.114
• linux-image-4.15.0-184-generic - 4.15.0-184.194
• linux-image-4.15.0-184-lowlatency - 4.15.0-184.194
• linux-image-lowlatency - 4.15.0.184.172

Ubuntu 16.04

• linux-image-oem - 4.15.0.184.173
  Available with Ubuntu Pro
• linux-image-lowlatency-hwe-16.04 - 4.15.0.184.173
  Available with Ubuntu Pro
• linux-image-aws-hwe - 4.15.0.1133.122
  Available with Ubuntu Pro
• linux-image-azure - 4.15.0.1142.131
  Available with Ubuntu Pro
• linux-image-4.15.0-1142-azure - 4.15.0-1142.156~16.04.1
  Available with Ubuntu Pro
• linux-image-gke - 4.15.0.1127.126
  Available with Ubuntu Pro
• linux-image-4.15.0-1127-gcp - 4.15.0-1127.142~16.04.1
  Available with Ubuntu Pro
• linux-image-gcp - 4.15.0.1127.126
  Available with Ubuntu Pro
• linux-image-4.15.0-1133-aws-hwe - 4.15.0-1133.143~16.04.1
  Available with Ubuntu Pro
• linux-image-generic-hwe-16.04 - 4.15.0.184.173
  Available with Ubuntu Pro
• linux-image-oracle - 4.15.0.1098.85
  Available with Ubuntu Pro
• linux-image-4.15.0-1098-oracle - 4.15.0-1098.108~16.04.1
  Available with Ubuntu Pro
• linux-image-virtual-hwe-16.04 - 4.15.0.184.173
  Available with Ubuntu Pro
• linux-image-4.15.0-184-generic - 4.15.0-184.194~16.04.1
  Available with Ubuntu Pro
• linux-image-4.15.0-184-lowlatency - 4.15.0-184.194~16.04.1
  Available with Ubuntu Pro

Ubuntu 14.04

• linux-image-azure - 4.15.0.1142.113
  Available with Ubuntu Pro
• linux-image-4.15.0-1142-azure - 4.15.0-1142.156~14.04.1
  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

• CVE-2022-1966
• CVE-2022-21499
• CVE-2022-1016
• CVE-2021-4149
• CVE-2022-28390
• CVE-2021-3772
• CVE-2022-28356
• CVE-2022-1419

Related notices

• USN-5465-1
• USN-5467-1
• USN-5468-1
• USN-5469-1
• USN-5470-1
• USN-5471-1
• LSN-0087-1
• LSN-0089-1
• LSN-0086-1
• USN-5484-1
• USN-5381-1
• USN-5383-1
• USN-5390-1
• USN-5390-2
• USN-5415-1
• USN-6001-1
• USN-6013-1
• USN-6014-1
• USN-5413-1
• USN-5416-1
• USN-5165-1
• USN-5265-1
• USN-5500-1
• USN-5505-1
• USN-5513-1