Ubuntu update for linux



Updated: 2024-06-07
Risk: Low
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2022-0001, CVE-2022-0002, CVE-2022-23960, CVE-2022-25636
CWE-ID: CWE-200, CWE-1037, CWE-122
Exploitation vector: Local
Public exploit: Public exploit code for vulnerability #4 is available.
Vulnerable software

Ubuntu (Operating systems & Components / Operating system)

Ubuntu packages (Operating systems & Components / Operating system package or component):

linux-image-raspi
linux-image-gkeop
linux-image-gcp-lts-20.04
linux-image-ibm-lts-20.04
linux-image-azure-fde
linux-image-generic-lpae
linux-image-5.4.0-1065-gke
linux-image-kvm
linux-image-gke
linux-image-oracle-lts-20.04
linux-image-oem-osp1
linux-image-5.4.0-1017-ibm
linux-image-5.4.0-104-lowlatency
linux-image-5.4.0-1055-raspi
linux-image-raspi2
linux-image-5.4.0-1067-gcp
linux-image-aws-lts-20.04
linux-image-5.4.0-104-generic-lpae
linux-image-ibm
linux-image-lowlatency
linux-image-5.4.0-1068-aws
linux-image-5.4.0-1066-oracle
linux-image-5.4.0-1036-gkeop
linux-image-5.4.0-104-generic
linux-image-5.4.0-1072-azure-fde
linux-image-gkeop-5.4
linux-image-azure-lts-20.04
linux-image-gke-5.4
linux-image-bluefield
linux-image-5.4.0-1030-bluefield
linux-image-oem
linux-image-generic
linux-image-5.4.0-1072-azure
linux-image-virtual
linux-image-5.4.0-1058-kvm
linux-image-virtual-hwe-18.04
linux-image-snapdragon-hwe-18.04
linux-image-raspi-hwe-18.04
linux-image-oracle
linux-image-lowlatency-hwe-18.04
linux-image-generic-lpae-hwe-18.04
linux-image-generic-hwe-18.04
linux-image-gcp
linux-image-azure
linux-image-aws

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU61198

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-0001

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1055.89

linux-image-gkeop (Ubuntu package): before 5.4.0.1036.39

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1067.76

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1017.17

linux-image-azure-fde (Ubuntu package): before 5.4.0.1072.75+cvm1.18

linux-image-generic-lpae (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1065-gke (Ubuntu package): before 5.4.0-1065.68~18.04.1

linux-image-kvm (Ubuntu package): before 5.4.0.1058.57

linux-image-gke (Ubuntu package): before 5.4.0.1065.75

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1066.66

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1017-ibm (Ubuntu package): before 5.4.0-1017.19~18.04.1

linux-image-5.4.0-104-lowlatency (Ubuntu package): before 5.4.0-104.118~18.04.1

linux-image-5.4.0-1055-raspi (Ubuntu package): before 5.4.0-1055.62~18.04.1

linux-image-raspi2 (Ubuntu package): before 5.4.0.1055.89

linux-image-5.4.0-1067-gcp (Ubuntu package): before 5.4.0-1067.71~18.04.1

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1068.70

linux-image-5.4.0-104-generic-lpae (Ubuntu package): before 5.4.0-104.118~18.04.1

linux-image-ibm (Ubuntu package): before 5.4.0.1017.17

linux-image-lowlatency (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1068-aws (Ubuntu package): before 5.4.0-1068.72~18.04.1

linux-image-5.4.0-1066-oracle (Ubuntu package): before 5.4.0-1066.71~18.04.1

linux-image-5.4.0-1036-gkeop (Ubuntu package): before 5.4.0-1036.37~18.04.1

linux-image-5.4.0-104-generic (Ubuntu package): before 5.4.0-104.118~18.04.1

linux-image-5.4.0-1072-azure-fde (Ubuntu package): before 5.4.0-1072.75+cvm1.1

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1036.37~18.04.36

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1072.70

linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1065.68~18.04.29

linux-image-bluefield (Ubuntu package): before 5.4.0.1030.31

linux-image-5.4.0-1030-bluefield (Ubuntu package): before 5.4.0-1030.33

linux-image-oem (Ubuntu package): before 5.4.0.104.108

linux-image-generic (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1072-azure (Ubuntu package): before 5.4.0-1072.75~18.04.1

linux-image-virtual (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1058-kvm (Ubuntu package): before 5.4.0-1058.61

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1055.57

linux-image-oracle (Ubuntu package): before 5.4.0.1066.71~18.04.45

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-gcp (Ubuntu package): before 5.4.0.1067.52

linux-image-azure (Ubuntu package): before 5.4.0.1072.51

linux-image-aws (Ubuntu package): before 5.4.0.1068.50

External links

https://ubuntu.com/security/notices/USN-5318-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU61199

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-0002

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of the branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1055.89

linux-image-gkeop (Ubuntu package): before 5.4.0.1036.39

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1067.76

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1017.17

linux-image-azure-fde (Ubuntu package): before 5.4.0.1072.75+cvm1.18

linux-image-generic-lpae (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1065-gke (Ubuntu package): before 5.4.0-1065.68~18.04.1

linux-image-kvm (Ubuntu package): before 5.4.0.1058.57

linux-image-gke (Ubuntu package): before 5.4.0.1065.75

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1066.66

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1017-ibm (Ubuntu package): before 5.4.0-1017.19~18.04.1

linux-image-5.4.0-104-lowlatency (Ubuntu package): before 5.4.0-104.118~18.04.1

linux-image-5.4.0-1055-raspi (Ubuntu package): before 5.4.0-1055.62~18.04.1

linux-image-raspi2 (Ubuntu package): before 5.4.0.1055.89

linux-image-5.4.0-1067-gcp (Ubuntu package): before 5.4.0-1067.71~18.04.1

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1068.70

linux-image-5.4.0-104-generic-lpae (Ubuntu package): before 5.4.0-104.118~18.04.1

linux-image-ibm (Ubuntu package): before 5.4.0.1017.17

linux-image-lowlatency (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1068-aws (Ubuntu package): before 5.4.0-1068.72~18.04.1

linux-image-5.4.0-1066-oracle (Ubuntu package): before 5.4.0-1066.71~18.04.1

linux-image-5.4.0-1036-gkeop (Ubuntu package): before 5.4.0-1036.37~18.04.1

linux-image-5.4.0-104-generic (Ubuntu package): before 5.4.0-104.118~18.04.1

linux-image-5.4.0-1072-azure-fde (Ubuntu package): before 5.4.0-1072.75+cvm1.1

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1036.37~18.04.36

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1072.70

linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1065.68~18.04.29

linux-image-bluefield (Ubuntu package): before 5.4.0.1030.31

linux-image-5.4.0-1030-bluefield (Ubuntu package): before 5.4.0-1030.33

linux-image-oem (Ubuntu package): before 5.4.0.104.108

linux-image-generic (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1072-azure (Ubuntu package): before 5.4.0-1072.75~18.04.1

linux-image-virtual (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1058-kvm (Ubuntu package): before 5.4.0-1058.61

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1055.57

linux-image-oracle (Ubuntu package): before 5.4.0.1066.71~18.04.45

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-gcp (Ubuntu package): before 5.4.0.1067.52

linux-image-azure (Ubuntu package): before 5.4.0.1072.51

linux-image-aws (Ubuntu package): before 5.4.0.1068.50

External links

https://ubuntu.com/security/notices/USN-5318-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU65007

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-23960

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to obtain potentially sensitive information.

The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.

The vulnerability was dubbed Spectre-BHB.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1055.89

linux-image-gkeop (Ubuntu package): before 5.4.0.1036.39

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1067.76

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1017.17

linux-image-azure-fde (Ubuntu package): before 5.4.0.1072.75+cvm1.18

linux-image-generic-lpae (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1065-gke (Ubuntu package): before 5.4.0-1065.68~18.04.1

linux-image-kvm (Ubuntu package): before 5.4.0.1058.57

linux-image-gke (Ubuntu package): before 5.4.0.1065.75

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1066.66

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1017-ibm (Ubuntu package): before 5.4.0-1017.19~18.04.1

linux-image-5.4.0-104-lowlatency (Ubuntu package): before 5.4.0-104.118~18.04.1

linux-image-5.4.0-1055-raspi (Ubuntu package): before 5.4.0-1055.62~18.04.1

linux-image-raspi2 (Ubuntu package): before 5.4.0.1055.89

linux-image-5.4.0-1067-gcp (Ubuntu package): before 5.4.0-1067.71~18.04.1

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1068.70

linux-image-5.4.0-104-generic-lpae (Ubuntu package): before 5.4.0-104.118~18.04.1

linux-image-ibm (Ubuntu package): before 5.4.0.1017.17

linux-image-lowlatency (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1068-aws (Ubuntu package): before 5.4.0-1068.72~18.04.1

linux-image-5.4.0-1066-oracle (Ubuntu package): before 5.4.0-1066.71~18.04.1

linux-image-5.4.0-1036-gkeop (Ubuntu package): before 5.4.0-1036.37~18.04.1

linux-image-5.4.0-104-generic (Ubuntu package): before 5.4.0-104.118~18.04.1

linux-image-5.4.0-1072-azure-fde (Ubuntu package): before 5.4.0-1072.75+cvm1.1

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1036.37~18.04.36

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1072.70

linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1065.68~18.04.29

linux-image-bluefield (Ubuntu package): before 5.4.0.1030.31

linux-image-5.4.0-1030-bluefield (Ubuntu package): before 5.4.0-1030.33

linux-image-oem (Ubuntu package): before 5.4.0.104.108

linux-image-generic (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1072-azure (Ubuntu package): before 5.4.0-1072.75~18.04.1

linux-image-virtual (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1058-kvm (Ubuntu package): before 5.4.0-1058.61

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1055.57

linux-image-oracle (Ubuntu package): before 5.4.0.1066.71~18.04.45

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-gcp (Ubuntu package): before 5.4.0.1067.52

linux-image-azure (Ubuntu package): before 5.4.0.1072.51

linux-image-aws (Ubuntu package): before 5.4.0.1068.50

External links

https://ubuntu.com/security/notices/USN-5318-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

EUVDB-ID: #VU61271

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2022-25636

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in net/netfilter/nf_dup_netdev.c in the Linux kernel, related to nf_tables_offload. A local user can trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1055.89

linux-image-gkeop (Ubuntu package): before 5.4.0.1036.39

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1067.76

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1017.17

linux-image-azure-fde (Ubuntu package): before 5.4.0.1072.75+cvm1.18

linux-image-generic-lpae (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1065-gke (Ubuntu package): before 5.4.0-1065.68~18.04.1

linux-image-kvm (Ubuntu package): before 5.4.0.1058.57

linux-image-gke (Ubuntu package): before 5.4.0.1065.75

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1066.66

linux-image-oem-osp1 (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1017-ibm (Ubuntu package): before 5.4.0-1017.19~18.04.1

linux-image-5.4.0-104-lowlatency (Ubuntu package): before 5.4.0-104.118~18.04.1

linux-image-5.4.0-1055-raspi (Ubuntu package): before 5.4.0-1055.62~18.04.1

linux-image-raspi2 (Ubuntu package): before 5.4.0.1055.89

linux-image-5.4.0-1067-gcp (Ubuntu package): before 5.4.0-1067.71~18.04.1

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1068.70

linux-image-5.4.0-104-generic-lpae (Ubuntu package): before 5.4.0-104.118~18.04.1

linux-image-ibm (Ubuntu package): before 5.4.0.1017.17

linux-image-lowlatency (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1068-aws (Ubuntu package): before 5.4.0-1068.72~18.04.1

linux-image-5.4.0-1066-oracle (Ubuntu package): before 5.4.0-1066.71~18.04.1

linux-image-5.4.0-1036-gkeop (Ubuntu package): before 5.4.0-1036.37~18.04.1

linux-image-5.4.0-104-generic (Ubuntu package): before 5.4.0-104.118~18.04.1

linux-image-5.4.0-1072-azure-fde (Ubuntu package): before 5.4.0-1072.75+cvm1.1

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1036.37~18.04.36

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1072.70

linux-image-gke-5.4 (Ubuntu package): before 5.4.0.1065.68~18.04.29

linux-image-bluefield (Ubuntu package): before 5.4.0.1030.31

linux-image-5.4.0-1030-bluefield (Ubuntu package): before 5.4.0-1030.33

linux-image-oem (Ubuntu package): before 5.4.0.104.108

linux-image-generic (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1072-azure (Ubuntu package): before 5.4.0-1072.75~18.04.1

linux-image-virtual (Ubuntu package): before 5.4.0.104.108

linux-image-5.4.0-1058-kvm (Ubuntu package): before 5.4.0-1058.61

linux-image-virtual-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-raspi-hwe-18.04 (Ubuntu package): before 5.4.0.1055.57

linux-image-oracle (Ubuntu package): before 5.4.0.1066.71~18.04.45

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-generic-lpae-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-generic-hwe-18.04 (Ubuntu package): before 5.4.0.104.118~18.04.89

linux-image-gcp (Ubuntu package): before 5.4.0.1067.52

linux-image-azure (Ubuntu package): before 5.4.0.1072.51

linux-image-aws (Ubuntu package): before 5.4.0.1068.50

External links

https://ubuntu.com/security/notices/USN-5318-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


