USN-5302-1: Linux kernel (OEM) vulnerabilities
Publication date
22 February 2022
Overview
Several security issues were fixed in the Linux kernel.
Releases
Packages
- linux-oem-5.14 - Linux kernel for OEM systems
Details
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)
Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver
in the Linux kernel did not properly handle some error conditions. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2021-43976)
Wenqing Liu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate inode types while performing garbage
collection. An attacker could use this to construct a malicious f2fs image
that, when mounted and operated on, could cause a denial of service (system
crash). (
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)
Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver
in the Linux kernel did not properly handle some error conditions. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2021-43976)
Wenqing Liu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate inode types while performing garbage
collection. An attacker could use this to construct a malicious f2fs image
that, when mounted and operated on, could cause a denial of service (system
crash). (CVE-2021-44879)
Samuel Page discovered that the Transparent Inter-Process Communication
(TIPC) protocol implementation in the Linux kernel contained a stack-based
buffer overflow. A remote attacker could use this to cause a denial of
service (system crash) for systems that have a TIPC bearer configured.
(CVE-2022-0435)
Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)
It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)
Update instructions
After a standard system update you need to reboot your computer to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 20.04 focal | linux-image-oem-20.04c – 5.14.0.1024.22 | ||
| linux-image-oem-20.04b – 5.14.0.1024.22 | |||
| linux-image-oem-20.04d – 5.14.0.1024.22 | |||
| linux-image-oem-20.04 – 5.14.0.1024.22 | |||
| linux-image-5.14.0-1024-oem – 5.14.0-1024.26 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
Related notices
- USN-7148-1
- USN-6716-1
- USN-6681-1
- USN-6681-2
- USN-6681-3
- USN-6681-4
- USN-5385-1
- USN-5384-1
- USN-5383-1
- USN-5377-1
- USN-7148-1
- USN-6716-1
- USN-6681-1
- USN-6681-2
- USN-6681-3
- USN-6681-4
- USN-5385-1
- USN-5384-1
- USN-5383-1
- USN-5377-1
- USN-5368-1
- USN-5362-1
- USN-5361-1
- USN-5343-1
- USN-5339-1
- USN-5338-1
- USN-5337-1
- LSN-0086-1
- LSN-0085-1
Have additional questions?