USN-5416-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-5416-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5416-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5416-1

Related

CVE-2022-1158
CVE-2022-1516
CVE-2022-28388
CVE-2022-28389
CVE-2022-28390
UBUNTU-CVE-2022-1158
UBUNTU-CVE-2022-1516
UBUNTU-CVE-2022-28388
UBUNTU-CVE-2022-28389
UBUNTU-CVE-2022-28390

Published

2022-05-12T01:12:46.745048Z

Modified

2022-05-12T01:12:46.745048Z

Summary

linux-oem-5.14 vulnerabilities

Details

Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest vm could possibly use this to crash the host OS. (CVE-2022-1158)

It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516)

It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388)

It was discovered that the Microchip CAN BUS Analyzer interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28389)

It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390)

References

Affected packages

Ubuntu:20.04:LTS / linux-oem-5.14

Package

Name: linux-oem-5.14
Purl: pkg:deb/ubuntu/linux-oem-5.14@5.14.0-1036.40?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-1036.40

Affected versions

5.*

5.14.0-1004.4

5.14.0-1005.5

5.14.0-1007.7

5.14.0-1008.8

5.14.0-1010.10

5.14.0-1011.11

5.14.0-1013.13

5.14.0-1018.19

5.14.0-1020.22

5.14.0-1022.24

5.14.0-1024.26

5.14.0-1027.30

5.14.0-1029.32

5.14.0-1031.34

5.14.0-1032.35

5.14.0-1033.36

5.14.0-1034.37

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-oem-5.14-tools-host": "5.14.0-1036.40",
            "linux-buildinfo-5.14.0-1036-oem": "5.14.0-1036.40",
            "linux-headers-5.14.0-1036-oem": "5.14.0-1036.40",
            "linux-image-unsigned-5.14.0-1036-oem-dbgsym": "5.14.0-1036.40",
            "linux-modules-5.14.0-1036-oem": "5.14.0-1036.40",
            "linux-oem-5.14-tools-5.14.0-1036": "5.14.0-1036.40",
            "linux-image-unsigned-5.14.0-1036-oem": "5.14.0-1036.40",
            "linux-tools-5.14.0-1036-oem": "5.14.0-1036.40",
            "linux-oem-5.14-headers-5.14.0-1036": "5.14.0-1036.40"
        }
    ]
}