USN-5728-2: Linux kernel vulnerabilities<\/p>\n
Jann Horn discovered that the Linux kernel did not properly track memory
\nallocations for anonymous VMA mappings in some situations, leading to
\npotential data structure reuse. A local attacker could use this to cause a
\ndenial of service (system crash) or possibly execute arbitrary code.
\n(CVE-2022-42703)<\/p>\n
It was discovered that a race condition existed in the memory address space
\naccounting implementation in the Linux kernel, leading to a use-after-free
\nvulnerability. A local attacker could use this to cause a denial of service
\n(system crash) or possibly execute arbitrary code. (CVE-2022-41222)<\/p>\n
It was discovered that a race condition existed in the instruction emulator
\nof the Linux kernel on Arm 64-bit systems. A local attacker could use this
\nto cause a denial of service (system crash). (CVE-2022-20422)<\/p>\n
It was discovered that the KVM implementation in the Linux kernel did not
\nproperly handle virtual CPUs without APICs in certain situations. A local
\nattacker could possibly use this to cause a denial of service (host system
\ncrash). (CVE-2022-2153)<\/p>\n
Hao Sun and Jiacheng Xu discovered that the NILFS file system
\nimplementation in the Linux kernel contained a use-after-free
\nvulnerability. A local attacker could use this to cause a denial of service
\n(system crash) or possibly execute arbitrary code. (CVE-2022-2978)<\/p>\n
Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64
\nprocessors, the Linux kernel’s protections against speculative branch
\ntarget injection attacks were insufficient in some circumstances. A local
\nattacker could possibly use this to expose sensitive information.
\n(CVE-2022-29901)<\/p>\n
Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in
\nthe Linux kernel. A local attacker could use this to cause a denial of
\nservice (system crash) or possibly expose sensitive information (kernel
\nmemory). (CVE-2022-3028)<\/p>\n
It was discovered that the Netlink device interface implementation in the
\nLinux kernel did not properly handle certain error conditions, leading to a
\nuse-after-free vulnerability with some network device drivers. A local
\nattacker with admin access to the network device could use this to cause a
\ndenial of service (system crash) or possibly execute arbitrary code.
\n(CVE-2022-3625)<\/p>\n
It was discovered that the IDT 77252 ATM PCI device driver in the Linux
\nkernel did not properly remove any pending timers during device exit,
\nresulting in a use-after-free vulnerability. A local attacker could
\npossibly use this to cause a denial of service (system crash) or execute
\narbitrary code. (CVE-2022-3635)<\/p>\n
Jann Horn discovered a race condition existed in the Linux kernel when
\nunmapping VMAs in certain situations, resulting in possible use-after-free
\nvulnerabilities. A local attacker could possibly use this to cause a denial
\nof service (system crash) or execute arbitrary code. (CVE-2022-39188)<\/p>\n
Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX
\nstorage controller driver in the Linux kernel did not properly handle
\ncertain structures. A local attacker could potentially use this to expose
\nsensitive information (kernel memory). (CVE-2022-40768)<\/p>\n
S\u00f6nke Huster discovered that a use-after-free vulnerability existed in the USN-5728-2: Linux kernel vulnerabilities Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41222) It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) It was discovered that the KVM implementation in the Linux kernel [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-48871","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/48871","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=48871"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/48871\/revisions"}],"predecessor-version":[{"id":48872,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/48871\/revisions\/48872"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=48871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=48871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=48871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nWiFi driver stack in the Linux kernel. A physically proximate attacker
\ncould use this to cause a denial of service (system crash) or possibly
\nexecute arbitrary code. (CVE-2022-42719)
\nSource: USN-5728-2: Linux kernel vulnerabilities<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"