Lucene search

UbuntuUSN-5579-1

HistoryAug 24, 2022 - 12:00 a.m.

Linux kernel vulnerabilities

2022-08-2400:00:00

ubuntu.com

ubuntu 16.04

ubuntu 14.04

linux kernel

xen

denial of service

cve-2022-26365

cve-2022-33740

cve-2022-33741

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

27.5%

JSON

Releases

Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Packages

linux - Linux kernel
linux-kvm - Linux kernel for cloud environments
linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty

Details

Roger Pau Monné discovered that the Xen virtual block driver in the Linux
kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-26365)

Roger Pau Monné discovered that the Xen paravirtualization frontend in the
Linux kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-33740)

It was discovered that the Xen paravirtualization frontend in the Linux
kernel incorrectly shared unrelated data when communicating with certain
backends. A local attacker could use this to cause a denial of service
(guest crash) or expose sensitive information (guest kernel memory).
(CVE-2022-33741)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchlinux-image-4.4.0-233-lowlatency< 4.4.0-233.267UNKNOWN
Ubuntu16.04noarchkernel-signed-image-4.4.0-210-generic-di< 4.4.0-210.242UNKNOWN
Ubuntu16.04noarchkernel-signed-image-4.4.0-210-generic-di-dbgsym< 4.4.0-210.242UNKNOWN
Ubuntu16.04noarchlinux-image-4.4.0-210-generic< 4.4.0-210.242UNKNOWN
Ubuntu16.04noarchlinux-image-4.4.0-210-generic-dbgsym< 4.4.0-210.242UNKNOWN
Ubuntu16.04noarchlinux-image-4.4.0-210-lowlatency< 4.4.0-210.242UNKNOWN
Ubuntu16.04noarchlinux-image-4.4.0-210-lowlatency-dbgsym< 4.4.0-210.242UNKNOWN
Ubuntu16.04noarchlinux-image-virtual< 4.4.0.233.239UNKNOWN
Ubuntu16.04noarchlinux-cloud-tools-generic< 4.4.0.210.216UNKNOWN
Ubuntu16.04noarchlinux-cloud-tools-generic-lts-utopic< 4.4.0.210.216UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	16.04	noarch	linux-image-4.4.0-233-lowlatency	< 4.4.0-233.267	UNKNOWN
Ubuntu	16.04	noarch	kernel-signed-image-4.4.0-210-generic-di	< 4.4.0-210.242	UNKNOWN
Ubuntu	16.04	noarch	kernel-signed-image-4.4.0-210-generic-di-dbgsym	< 4.4.0-210.242	UNKNOWN
Ubuntu	16.04	noarch	linux-image-4.4.0-210-generic	< 4.4.0-210.242	UNKNOWN
Ubuntu	16.04	noarch	linux-image-4.4.0-210-generic-dbgsym	< 4.4.0-210.242	UNKNOWN
Ubuntu	16.04	noarch	linux-image-4.4.0-210-lowlatency	< 4.4.0-210.242	UNKNOWN
Ubuntu	16.04	noarch	linux-image-4.4.0-210-lowlatency-dbgsym	< 4.4.0-210.242	UNKNOWN
Ubuntu	16.04	noarch	linux-image-virtual	< 4.4.0.233.239	UNKNOWN
Ubuntu	16.04	noarch	linux-cloud-tools-generic	< 4.4.0.210.216	UNKNOWN
Ubuntu	16.04	noarch	linux-cloud-tools-generic-lts-utopic	< 4.4.0.210.216	UNKNOWN