USN-5416-1

Source
https://ubuntu.com/security/notices/USN-5416-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5416-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5416-1
Published
2022-05-12T01:12:46.745048Z
Modified
2022-05-12T01:12:46.745048Z
Summary
linux-oem-5.14 vulnerabilities
Details

Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest VM could possibly use this to crash the host OS. (CVE-2022-1158)

It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516)

It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388)

It was discovered that the Microchip CAN BUS Analyzer interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28389)

It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390)

Affected packages

Ubuntu:20.04:LTS / linux-oem-5.14

Package

Name
linux-oem-5.14
Purl
pkg:deb/ubuntu/linux-oem-5.14?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.14.0-1036.40

Affected versions

5.*

5.14.0-1004.4
5.14.0-1005.5
5.14.0-1007.7
5.14.0-1008.8
5.14.0-1010.10
5.14.0-1011.11
5.14.0-1013.13
5.14.0-1018.19
5.14.0-1020.22
5.14.0-1022.24
5.14.0-1024.26
5.14.0-1027.30
5.14.0-1029.32
5.14.0-1031.34
5.14.0-1032.35
5.14.0-1033.36
5.14.0-1034.37

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "5.14.0-1036.40",
            "binary_name": "linux-buildinfo-5.14.0-1036-oem"
        },
        {
            "binary_version": "5.14.0-1036.40",
            "binary_name": "linux-headers-5.14.0-1036-oem"
        },
        {
            "binary_version": "5.14.0-1036.40",
            "binary_name": "linux-image-unsigned-5.14.0-1036-oem"
        },
        {
            "binary_version": "5.14.0-1036.40",
            "binary_name": "linux-image-unsigned-5.14.0-1036-oem-dbgsym"
        },
        {
            "binary_version": "5.14.0-1036.40",
            "binary_name": "linux-modules-5.14.0-1036-oem"
        },
        {
            "binary_version": "5.14.0-1036.40",
            "binary_name": "linux-oem-5.14-headers-5.14.0-1036"
        },
        {
            "binary_version": "5.14.0-1036.40",
            "binary_name": "linux-oem-5.14-tools-5.14.0-1036"
        },
        {
            "binary_version": "5.14.0-1036.40",
            "binary_name": "linux-oem-5.14-tools-host"
        },
        {
            "binary_version": "5.14.0-1036.40",
            "binary_name": "linux-tools-5.14.0-1036-oem"
        }
    ]
}