Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-5298-1
HistoryFeb 22, 2022 - 9:27 a.m.

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

2022-02-2209:27:43
Google
osv.dev
8
linux
kernel
vulnerabilities
double-free
denial of service
arbitrary code execution
exposure
sensitive information
cve-2021-22600
cve-2021-28711
cve-2021-28712
cve-2021-28713
cve-2021-28714
cve-2021-28715
cve-2021-39685
cve-2021-4083
cve-2021-4155
cve-2021-4202
cve-2022-0330
cve-2022-22942

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

31.3%

JSON

It was discovered that the Packet network protocol implementation in the
Linux kernel contained a double-free vulnerability. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2021-22600)

Jürgen Groß discovered that the Xen subsystem within the Linux kernel did
not adequately limit the number of events driver domains (unprivileged PV
backends) could send to other guest VMs. An attacker in a driver domain
could use this to cause a denial of service in other guest VMs.
(CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)

Jürgen Groß discovered that the Xen network backend driver in the Linux
kernel did not adequately limit the amount of queued packets when a guest
did not process them. An attacker in a guest VM can use this to cause a
denial of service (excessive kernel memory consumption) in the network
backend domain. (CVE-2021-28714, CVE-2021-28715)

Szymon Heidrich discovered that the USB Gadget subsystem in the Linux
kernel did not properly restrict the size of control requests for certain
gadget types, leading to possible out of bounds reads or writes. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-39685)

Jann Horn discovered a race condition in the Unix domain socket
implementation in the Linux kernel that could result in a read-after-free.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-4083)

Kirill Tkhai discovered that the XFS file system implementation in the
Linux kernel did not calculate size correctly when pre-allocating space in
some situations. A local attacker could use this to expose sensitive
information. (CVE-2021-4155)

Lin Ma discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-4202)

Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in
the Linux kernel did not perform a GPU TLB flush in some situations. A
local attacker could use this to cause a denial of service or possibly
execute arbitrary code. (CVE-2022-0330)

It was discovered that the VMware Virtual GPU driver in the Linux kernel
did not properly handle certain failure conditions, leading to a stale
entry in the file descriptor table. A local attacker could use this to
expose sensitive information or possibly gain administrative privileges.
(CVE-2022-22942)

Related

ubuntu 10
nessus 61
openvas 43
cloudfoundry 3
fedora 2
osv 11
amazon 4
cve 5
cvelist 5
nvd 5
debiancve 5
ubuntucve 5
prion 5
xen 2
mageia 6
debian 2
virtuozzo 1
redhatcve 1
redhat 14
photon 3
f5 1
suse 4
citrix 1
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-02-22 00:00:00
Linux kernel vulnerabilities
2022-02-22 00:00:00
Linux kernel vulnerabilities
2022-02-18 00:00:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5298-1)
2022-02-22 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5294-2)
2022-02-22 00:00:00
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5294-1)
2022-02-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5298-1)
2022-02-23 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2021-e6cbca1e9e)
2021-12-27 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2021-4f1a2cdf2e)
2021-12-27 00:00:00
cloudfoundry
cloudfoundry
USN-5298-1: Linux kernel vulnerabilities | Cloud Foundry
2022-04-21 00:00:00
USN-5294-2: Linux kernel vulnerabilities | Cloud Foundry
2022-03-11 00:00:00
USN-5338-1: Linux kernel vulnerabilities | Cloud Foundry
2022-04-14 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: kernel-5.15.11-200.fc35
2021-12-26 01:27:24
[SECURITY] Fedora 34 Update: kernel-5.15.11-100.fc34
2021-12-26 01:12:01
osv
osv
linux vulnerabilities
2022-02-18 00:35:55
linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4 linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
2022-02-22 07:52:49
linux-hwe-5.13 vulnerabilities
2022-02-18 00:41:45
amazon
amazon
Important: kernel
2022-02-04 23:25:00
Important: kernel
2022-02-04 23:24:00
Important: kernel
2022-02-04 23:25:00
cve
cve
CVE-2021-28711
2022-01-05 17:15:09
CVE-2021-28712
2022-01-05 17:15:09
CVE-2021-28713
2022-01-05 17:15:09
cvelist
cvelist
CVE-2021-28712
2022-01-05 16:10:23
CVE-2021-28711
2022-01-05 16:10:22
CVE-2021-28713
2022-01-05 16:10:24
nvd
nvd
CVE-2021-28712
2022-01-05 17:15:09
CVE-2021-28713
2022-01-05 17:15:09
CVE-2021-28711
2022-01-05 17:15:09
debiancve
debiancve
CVE-2021-28711
2022-01-05 17:15:09
CVE-2021-28712
2022-01-05 17:15:09
CVE-2021-28713
2022-01-05 17:15:09
ubuntucve
ubuntucve
CVE-2021-28713
2022-01-05 00:00:00
CVE-2021-28711
2022-01-05 00:00:00
CVE-2021-28712
2022-01-05 00:00:00
prion
prion
Design/Logic Flaw
2022-01-05 17:15:00
Design/Logic Flaw
2022-01-05 17:15:00
Design/Logic Flaw
2022-01-05 17:15:00
xen
xen
Rogue backends can cause DoS of guests via high frequency events
2021-12-20 09:54:00
Guest can force Linux netback driver to hog large amounts of kernel memory
2021-12-20 09:54:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2021-12-29 22:12:56
Updated kernel packages fix security vulnerabilities
2021-12-29 22:12:56
Updated kernel-linus packages fix security vulnerabilities
2022-02-01 18:26:02
debian
debian
[SECURITY] [DSA 5050-1] linux security update
2022-01-20 16:46:05
[SECURITY] [DLA 2940-1] linux security update
2022-03-09 12:40:13
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel patch 146.1 for Virtuozzo Hybrid Server 7.5
2022-08-22 00:00:00
redhatcve
redhatcve
CVE-2021-28714
2022-05-20 22:29:10
redhat
redhat
(RHSA-2022:1107) Important: kernel security update
2022-03-29 08:25:59
(RHSA-2022:0925) Important: kpatch-patch security update
2022-03-15 12:48:47
(RHSA-2022:1103) Important: kpatch-patch security update
2022-03-29 08:17:08
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0350
2022-01-11 00:00:00
Important Photon OS Security Update - PHSA-2022-0148
2022-01-26 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0148
2022-01-28 00:00:00
f5
f5
K30914425 : Linux vulnerabilities CVE-2022-0330 and CVE-2022-22942
2022-04-19 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2022-05-07 00:00:00
Security update for the Linux Kernel (critical)
2022-02-11 00:00:00
Security update for the Linux Kernel (critical)
2022-02-10 00:00:00
citrix
citrix
Citrix Hypervisor Security Update
2022-01-12 11:09:52

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

31.3%

JSON
Related for OSV:USN-5298-1
ubuntu10nessus61openvas43cloudfoundry3fedora2osv11amazon4cve5cvelist5nvd5debiancve5ubuntucve5prion5xen2mageia6debian2virtuozzo1redhatcve1redhat14photon3f51suse4citrix1