USN-5831-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-5831-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5831-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5831-1
Related
Published
2023-01-27T19:01:20.825094Z
Modified
2023-01-27T19:01:20.825094Z
Summary
linux-azure-fde vulnerabilities
Details

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-4378)

Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896)

It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643)

It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934)

References

Affected packages

Ubuntu:22.04:LTS / linux-azure-fde

Package

Name
linux-azure-fde
Purl
pkg:deb/ubuntu/linux-azure-fde@5.15.0-1031.38.1?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.0-1031.38.1

Affected versions

5.*

5.15.0-1019.24.1
5.15.0-1024.30.1
5.15.0-1029.36.1
5.15.0-1030.37.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "linux-image-unsigned-5.15.0-1031-azure-fde-dbgsym": "5.15.0-1031.38.1",
            "linux-image-unsigned-5.15.0-1031-azure-fde": "5.15.0-1031.38.1"
        }
    ]
}