Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5582-1
HistoryAug 25, 2022 - 12:00 a.m.

Linux kernel (Azure CVM) vulnerabilities

2022-08-2500:00:00
ubuntu.com
82

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

79.9%

JSON

Releases

  • Ubuntu 20.04 LTS

Packages

  • linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems

Details

Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel
did not properly perform data validation. A local attacker could use this
to escalate privileges in certain situations. (CVE-2022-34918)

Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)

It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)

It was discovered that the block layer subsystem in the Linux kernel did
not properly initialize memory in some situations. A privileged local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-0494)

Hu Jiahui discovered that multiple race conditions existed in the Advanced
Linux Sound Architecture (ALSA) framework, leading to use-after-free
vulnerabilities. A local attacker could use these to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-1048)

Minh Yuan discovered that the floppy disk driver in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2022-1652)

It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)

It was discovered that the Marvell NFC device driver implementation in the
Linux kernel did not properly perform memory cleanup operations in some
situations, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2022-1734)

Duoming Zhou discovered a race condition in the NFC subsystem in the Linux
kernel, leading to a use-after-free vulnerability. A privileged local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-1974)

Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not
properly prevent context switches from occurring during certain atomic
context operations. A privileged local attacker could use this to cause a
denial of service (system crash). (CVE-2022-1975)

Felix Fu discovered that the Sun RPC implementation in the Linux kernel did
not properly handle socket states, leading to a use-after-free
vulnerability. A remote attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-28893)

Related

osv 14
ubuntu 13
nessus 53
mageia 3
oraclelinux 11
redos 2
photon 5
fedora 4
veracode 9
redhatcve 11
zdt 1
githubexploit 13
cbl_mariner 12
suse 2
cve 8
ubuntucve 8
metasploit 1
packetstorm 1
prion 9
debiancve 9
redhat 6
debian 1
zdi 2
f5 1
osv
osv
linux-azure-fde vulnerabilities
2022-08-25 03:58:20
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
2022-08-10 14:30:41
linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities
2022-08-10 12:36:02
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-08-10 00:00:00
Linux kernel vulnerabilities
2022-08-10 00:00:00
Linux kernel vulnerabilities
2022-08-10 00:00:00
nessus
nessus
Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5582-1)
2022-08-25 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5562-1)
2022-08-10 00:00:00
Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5560-2)
2022-08-10 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2022-08-26 00:21:07
Updated kernel-linus packages fix security vulnerabilities
2022-08-26 00:21:07
Updated kernel-linus packages fix security vulnerabilities
2022-05-21 11:50:18
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2022-09-21 00:00:00
Unbreakable Enterprise kernel-container security update
2022-09-21 00:00:00
Unbreakable Enterprise kernel-container security update
2022-08-09 00:00:00
redos
redos
ROS-20220908-01
2022-09-08 00:00:00
ROS-20220516-07
2022-05-16 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0226
2022-08-10 00:00:00
Moderate Photon OS Security Update - PHSA-2022-0506
2022-08-10 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0226
2022-08-10 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: kernel-5.18.17-200.fc36
2022-08-14 02:39:58
[SECURITY] Fedora 35 Update: kernel-5.18.17-100.fc35
2022-08-14 03:02:16
[SECURITY] Fedora 35 Update: kernel-5.16.18-200.fc35
2022-03-30 01:30:34
veracode
veracode
Use-After-Free
2022-09-16 19:36:00
Privilege Escalation
2022-09-16 19:39:12
Denial Of Service (DoS)
2022-09-16 19:53:28
redhatcve
redhatcve
CVE-2022-28893
2022-04-11 19:44:39
CVE-2022-34918
2022-07-06 09:06:11
CVE-2022-2586
2022-08-09 18:37:11
zdt
zdt
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation Exploit
2022-09-28 00:00:00
githubexploit
githubexploit
Exploit for Type Confusion in Linux Linux Kernel
2022-07-24 14:47:40
Exploit for Type Confusion in Linux Linux Kernel
2022-07-21 22:06:19
Exploit for Type Confusion in Linux Linux Kernel
2022-07-25 06:13:41
cbl_mariner
cbl_mariner
CVE-2022-28893 affecting package kernel 5.15.37.1-2
2022-06-03 17:54:27
CVE-2022-34918 affecting package kernel 5.15.48.1-4
2022-08-03 21:15:19
CVE-2022-28893 affecting package kernel 5.10.116.1-1
2022-06-15 17:03:30
suse
suse
Security update for the Linux Kernel (important)
2022-09-01 00:00:00
Security update for the Linux Kernel (important)
2022-06-24 00:00:00
cve
cve
CVE-2022-28893
2022-04-11 05:15:00
CVE-2022-2586
2024-01-08 18:15:44
CVE-2022-1974
2022-08-31 16:15:00
ubuntucve
ubuntucve
CVE-2022-28893
2022-04-11 00:00:00
CVE-2022-2586
2022-08-09 00:00:00
CVE-2022-1974
2022-06-06 00:00:00
metasploit
metasploit
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
2022-07-20 11:51:22
packetstorm
packetstorm
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
2022-09-28 00:00:00
prion
prion
Code injection
2022-04-11 05:15:00
Design/Logic Flaw
2024-01-08 18:15:00
Code injection
2022-08-31 16:15:00
debiancve
debiancve
CVE-2022-28893
2022-04-11 05:15:00
CVE-2022-1652
2022-06-02 14:15:00
CVE-2022-2586
2024-01-08 18:15:44
redhat
redhat
(RHSA-2022:6592) Important: kpatch-patch security update
2022-09-20 11:37:42
(RHSA-2023:4023) Important: kpatch-patch security update
2023-07-11 07:39:10
(RHSA-2022:7171) Important: kernel security and bug fix update
2022-10-25 12:36:50
debian
debian
[SECURITY] [DSA 5161-1] linux security update
2022-06-11 09:15:06
zdi
zdi
(Pwn2Own) Linux Kernel nft_object Use-After-Free Privilege Escalation Vulnerability
2022-08-18 00:00:00
(Pwn2Own) Linux Kernel route4_change Double Free Privilege Escalation Vulnerability
2022-08-18 00:00:00
f5
f5
K32615023 : Linux kernel vulnerability CVE-2022-2588
2022-10-20 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

79.9%

JSON
Related for USN-5582-1
osv14ubuntu13nessus53mageia3oraclelinux11redos2photon5fedora4veracode9redhatcve11zdt1githubexploit13cbl_mariner12suse2cve8ubuntucve8metasploit1packetstorm1prion9debiancve9redhat6debian1zdi2f51