USN-5780-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-5780-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5780-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5780-1

Related

CVE-2022-3524
CVE-2022-3619
CVE-2022-3628
CVE-2022-42895
CVE-2022-42896
UBUNTU-CVE-2022-3524
UBUNTU-CVE-2022-3619
UBUNTU-CVE-2022-3628
UBUNTU-CVE-2022-42895
UBUNTU-CVE-2022-42896

Published

2022-12-14T18:00:29.912572Z

Modified

2022-12-14T18:00:29.912572Z

Summary

linux-oem-6.0 vulnerabilities

Details

It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524)

It was discovered that the Bluetooth HCI implementation in the Linux kernel did not properly deallocate memory in some situations. An attacker could possibly use this cause a denial of service (memory exhaustion). (CVE-2022-3619)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628)

Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895)

Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896)

References

Affected packages

Ubuntu:22.04:LTS / linux-oem-6.0

Package

Name: linux-oem-6.0
Purl: pkg:deb/ubuntu/linux-oem-6.0@6.0.0-1008.8?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.0-1008.8

Affected versions

6.*

6.0.0-1006.6

6.0.0-1007.7

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-image-unsigned-6.0.0-1008-oem": "6.0.0-1008.8",
            "linux-oem-6.0-tools-host": "6.0.0-1008.8",
            "linux-modules-iwlwifi-6.0.0-1008-oem": "6.0.0-1008.8",
            "linux-oem-6.0-tools-6.0.0-1008": "6.0.0-1008.8",
            "linux-image-unsigned-6.0.0-1008-oem-dbgsym": "6.0.0-1008.8",
            "linux-tools-6.0.0-1008-oem": "6.0.0-1008.8",
            "linux-modules-6.0.0-1008-oem": "6.0.0-1008.8",
            "linux-headers-6.0.0-1008-oem": "6.0.0-1008.8",
            "linux-buildinfo-6.0.0-1008-oem": "6.0.0-1008.8",
            "linux-oem-6.0-headers-6.0.0-1008": "6.0.0-1008.8"
        }
    ]
}