USN-5500-1: Linux kernel vulnerabilities

Releases

• Ubuntu 16.04 ESM

Packages

• linux - Linux kernel
• linux-aws - Linux kernel for Amazon Web Services (AWS) systems

Details

Eric Biederman discovered that the cgroup process migration implementation
in the Linux kernel did not perform permission checks correctly in some
situations. A local attacker could possibly use this to gain administrative
privileges. (CVE-2021-4197)

Lin Ma discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-4202)

It was discovered that the PF_KEYv2 implementation in the Linux kernel did
not properly initialize kernel memory in some situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2022-1353)

It was discovered that the virtual graphics memory manager implementation
in the Linux kernel was subject to a race condition, potentially leading to
an information leak. (CVE-2022-1419)

Minh Yuan discovered that the floppy disk driver in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2022-1652)

It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)

It was discovered that the Marvell NFC device driver implementation in the
Linux kernel did not properly perform memory cleanup operations in some
situations, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2022-1734)

赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not
properly perform reference counting in some error conditions. A local
attacker could use this to cause a denial of service. (CVE-2022-28356)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

• linux-image-virtual - 4.4.0.229.235
  Available with Ubuntu Pro
• linux-image-generic - 4.4.0.229.235
  Available with Ubuntu Pro
• linux-image-aws - 4.4.0.1145.149
  Available with Ubuntu Pro
• linux-image-4.4.0-229-lowlatency - 4.4.0-229.263
  Available with Ubuntu Pro
• linux-image-4.4.0-229-generic - 4.4.0-229.263
  Available with Ubuntu Pro
• linux-image-4.4.0-1145-aws - 4.4.0-1145.160
  Available with Ubuntu Pro
• linux-image-lowlatency - 4.4.0.229.235
  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

• CVE-2022-1652
• CVE-2022-1353
• CVE-2022-28356
• CVE-2022-1734
• CVE-2021-4202
• CVE-2022-1419
• CVE-2021-4197
• CVE-2022-1679

Related notices

• USN-5505-1
• USN-5513-1
• USN-5529-1
• USN-5544-1
• USN-5560-1
• USN-5560-2
• USN-5562-1
• USN-5564-1
• USN-5566-1
• USN-5582-1
• USN-5467-1
• USN-5469-1
• USN-5515-1
• USN-5541-1
• USN-5381-1
• USN-5466-1
• USN-5471-1
• USN-5518-1
• USN-5265-1
• USN-5294-1
• USN-5297-1
• USN-5294-2
• USN-5298-1
• USN-5278-1
• USN-5337-1
• USN-5368-1
• USN-5517-1