Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5650-1
HistorySep 30, 2022 - 12:00 a.m.

Linux kernel vulnerabilities

2022-09-3000:00:00
ubuntu.com
39

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.5%

JSON

Releases

  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty

Details

It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)

It was discovered that the virtual terminal driver in the Linux kernel did
not properly handle VGA console font changes, leading to an out-of-bounds
write. A local attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2021-33656)

Christian Brauner discovered that the XFS file system implementation in the
Linux kernel did not properly handle setgid file creation. A local attacker
could use this to gain elevated privileges. (CVE-2021-4037)

It was discovered that the ext4 file system implementation in the Linux
kernel did not properly initialize memory in some situations. A privileged
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2022-0850)

Duoming Zhou discovered that the AX.25 amateur radio protocol
implementation in the Linux kernel did not handle detach events properly in
some situations. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-1199)

Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol
implementation in the Linux kernel during device detach operations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-1204)

Norbert Slusarek discovered that a race condition existed in the perf
subsystem in the Linux kernel, resulting in a use-after-free vulnerability.
A privileged local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1729)

It was discovered that the Packet network protocol implementation in the
Linux kernel contained an out-of-bounds access. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-20368)

It was discovered that the Open vSwitch implementation in the Linux kernel
contained an out of bounds write vulnerability in certain situations. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-2639)

Jann Horn discovered that the ASIX AX88179/178A USB Ethernet driver in the
Linux kernel contained multiple out-of-bounds vulnerabilities. A local
attacker with physical access could plug in a specially crafted USB device
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-2964)

Hao Sun and Jiacheng Xu discovered that the NILFS file system
implementation in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-2978)

Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in
the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly expose sensitive information (kernel
memory). (CVE-2022-3028)

It was discovered that the Journaled File System (JFS) in the Linux kernel
contained a null pointer dereference in some situations. A local attacker
could use this to cause a denial of service (system crash). (CVE-2022-3202)

Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter
subsystem in the Linux kernel did not properly handle rules that truncated
packets below the packet header size. When such rules are in place, a
remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2022-36946)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchlinux-image-virtual< 4.4.0.234.240UNKNOWN
Ubuntu16.04noarchlinux-cloud-tools-generic< 4.4.0.210.216UNKNOWN
Ubuntu16.04noarchlinux-cloud-tools-generic-lts-utopic< 4.4.0.210.216UNKNOWN
Ubuntu16.04noarchlinux-cloud-tools-generic-lts-vivid< 4.4.0.210.216UNKNOWN
Ubuntu16.04noarchlinux-cloud-tools-generic-lts-wily< 4.4.0.210.216UNKNOWN
Ubuntu16.04noarchlinux-cloud-tools-generic-lts-xenial< 4.4.0.210.216UNKNOWN
Ubuntu16.04noarchlinux-cloud-tools-lowlatency< 4.4.0.210.216UNKNOWN
Ubuntu16.04noarchlinux-cloud-tools-lowlatency-lts-utopic< 4.4.0.210.216UNKNOWN
Ubuntu16.04noarchlinux-cloud-tools-lowlatency-lts-vivid< 4.4.0.210.216UNKNOWN
Ubuntu16.04noarchlinux-cloud-tools-lowlatency-lts-wily< 4.4.0.210.216UNKNOWN
Rows per page:
1-10 of 1951

Related

nessus 42
osv 21
openvas 36
ubuntu 15
photon 1
suse 1
prion 9
ubuntucve 7
cve 9
redhatcve 8
cbl_mariner 14
veracode 4
debiancve 9
virtuozzo 1
githubexploit 7
fedora 4
f5 1
redhat 5
cnvd 1
github 1
oraclelinux 3
nessus
nessus
Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5650-1)
2022-09-30 00:00:00
Ubuntu 16.04 ESM : Linux kernel (AWS) vulnerabilities (USN-5580-1)
2022-08-24 00:00:00
Ubuntu 16.04 ESM : Linux kernel (Azure) vulnerabilities (USN-5652-1)
2022-10-05 00:00:00
osv
osv
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
2022-09-30 21:51:28
linux-aws vulnerabilities
2022-08-24 15:49:43
linux-azure vulnerabilities
2022-10-03 16:47:14
openvas
openvas
Ubuntu: Security Advisory (USN-5650-1)
2022-10-03 00:00:00
Ubuntu: Security Advisory (USN-5580-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-5621-1)
2022-09-22 00:00:00
ubuntu
ubuntu
Linux kernel (AWS) vulnerabilities
2022-08-24 00:00:00
Linux kernel vulnerabilities
2022-09-21 00:00:00
Linux kernel (Azure) vulnerabilities
2022-10-03 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0461
2022-10-01 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2022-08-16 00:00:00
prion
prion
Out-of-bounds
2022-07-18 15:15:00
Null pointer dereference
2022-09-14 15:15:00
Design/Logic Flaw
2022-08-29 15:15:00
ubuntucve
ubuntucve
CVE-2021-33656
2022-07-18 00:00:00
CVE-2022-3202
2022-09-14 00:00:00
CVE-2021-33655
2022-07-18 00:00:00
cve
cve
CVE-2021-33656
2022-07-18 15:15:00
CVE-2022-20368
2022-08-11 15:15:00
CVE-2021-33655
2022-07-18 15:15:00
redhatcve
redhatcve
CVE-2022-20368
2022-09-02 10:57:44
CVE-2022-1204
2022-04-01 17:02:03
CVE-2022-3202
2022-09-13 14:13:14
cbl_mariner
cbl_mariner
CVE-2022-3202 affecting package kernel 5.10.134.1-2
2022-10-04 07:51:40
CVE-2021-33656 affecting package kernel 5.10.123.1-1
2022-08-12 16:45:24
CVE-2022-3202 affecting package kernel 5.15.57.1-3
2022-10-05 23:34:27
veracode
veracode
Out-of-Bounds Access
2023-02-03 23:02:13
Information Disclosure
2022-03-26 18:15:16
Denial Of Service (DoS)
2022-09-26 10:34:52
debiancve
debiancve
CVE-2021-33656
2022-07-18 15:15:00
CVE-2022-1204
2022-08-29 15:15:00
CVE-2022-20368
2022-08-11 15:15:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel patch 150.0 for Virtuozzo Hybrid Server 7.5
2022-12-09 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Linux Linux Kernel
2022-08-02 18:57:19
Exploit for Vulnerability in Linux Linux Kernel
2022-11-03 09:49:23
Exploit for Vulnerability in Linux Linux Kernel
2022-07-28 11:22:13
fedora
fedora
[SECURITY] Fedora 37 Update: kernel-headers-5.19.4-300.fc37
2022-09-02 22:28:09
[SECURITY] Fedora 37 Update: kernel-5.19.6-300.fc37
2022-09-02 22:28:08
[SECURITY] Fedora 36 Update: kernel-5.19.6-200.fc36
2022-09-02 09:55:08
f5
f5
K45164470 : Linux kernel vulnerability CVE-2022-36946
2022-08-12 00:00:00
redhat
redhat
(RHSA-2022:8768) Important: kpatch-patch security update
2022-12-02 19:08:39
(RHSA-2022:8765) Important: kernel-rt security and bug fix update
2022-12-02 19:08:15
(RHSA-2022:8767) Important: kernel security and bug fix update
2022-12-02 19:08:30
cnvd
cnvd
Linux kernel access control error vulnerability (CNVD-2022-74085)
2022-10-22 00:00:00
github
github
Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM
2022-09-16 17:17:37
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2022-11-15 00:00:00
Unbreakable Enterprise kernel security update
2022-10-24 00:00:00
Unbreakable Enterprise kernel-container security update
2022-10-24 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.5%

JSON
Related for USN-5650-1
nessus42osv21openvas36ubuntu15photon1suse1prion9ubuntucve7cve9redhatcve8cbl_mariner14veracode4debiancve9virtuozzo1githubexploit7fedora4f51redhat5cnvd1github1oraclelinux3