Ubuntu update for linux-azure-5.13



| Updated: 2024-12-13
Risk High
Patch available YES
Number of vulnerabilities 23
CVE-ID CVE-2021-28711
CVE-2021-28712
CVE-2021-28713
CVE-2021-28714
CVE-2021-28715
CVE-2021-39685
CVE-2021-39698
CVE-2021-4135
CVE-2021-4197
CVE-2021-43975
CVE-2021-44733
CVE-2021-45095
CVE-2021-45402
CVE-2021-45480
CVE-2022-0264
CVE-2022-0382
CVE-2022-0435
CVE-2022-0492
CVE-2022-0516
CVE-2022-0742
CVE-2022-1055
CVE-2022-23222
CVE-2022-27666
CWE-ID CWE-400
CWE-404
CWE-119
CWE-416
CWE-200
CWE-264
CWE-787
CWE-125
CWE-401
CWE-755
CWE-909
CWE-121
CWE-122
Exploitation vector Network
Public exploit Public exploit code for vulnerability #6 is available.
Public exploit code for vulnerability #11 is available.
Public exploit code for vulnerability #18 is available.
Public exploit code for vulnerability #22 is available.
Public exploit code for vulnerability #23 is available.
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

linux-image-5.13.0-1025-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.13.0-1021-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 23 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU63563

Risk: Low

CVSSv4.0: 5.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear]

CVE-ID: CVE-2021-28711

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper limits for number of events driver domains could send to other guest VMs. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU63564

Risk: Low

CVSSv4.0: 5.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear]

CVE-ID: CVE-2021-28712

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper limits for number of events driver domains could send to other guest VMs. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU63565

Risk: Low

CVSSv4.0: 5.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear]

CVE-ID: CVE-2021-28713

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper limits for number of events driver domains could send to other guest VMs. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Resource Shutdown or Release

EUVDB-ID: #VU63583

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-28714

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. A remote user can use a UDP connection on a fast interface to trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Resource Shutdown or Release

EUVDB-ID: #VU63584

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-28715

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. A remote user can use a UDP connection on a fast interface to trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU61095

Risk: Low

CVSSv4.0: 5.2 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2021-39685

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a malicious host to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the USB subsystem in Linux kernel. A malicious USB device can trigger memory corruption and execute arbitrary code on the system.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Use-after-free

EUVDB-ID: #VU61097

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-39698

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux kernel. A local user can run a specially crafted program to trigger the use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU63566

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-4135

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to simulated networking device driver for the Linux kernel does not properly initialize memory in certain situations. A local user can gain unauthorized access to sensitive information (kernel memory).

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Security restrictions bypass

EUVDB-ID: #VU61258

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-4197

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing permissions checks within the cgroups (control groups) functionality of Linux Kernel when writing into a file descriptor. A local low privileged process can trick a higher privileged parent process into writing arbitrary data into files, which can result in denial of service or privileges escalation.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds write

EUVDB-ID: #VU62485

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-43975

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the hw_atl_utils_fw_rpc_wait() function in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c in Linux kernel. A local user can attach a specially crafted device to the system, trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU59100

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2021-44733

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to a use-after-free error in the drivers/tee/tee_shm.c file within the TEE subsystem in the Linux kernel. A local user can trigger a race condition in tee_shm_get_from_id during an attempt to free a shared memory object and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Information disclosure

EUVDB-ID: #VU61579

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-45095

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a refcount leak within the pep_sock_accept() function in net/phonet/pep.c in the Linux kernel. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU63567

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-45402

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to check_alu_op() function in kernel/bpf/verifier.c does not properly update bounds while handling the mov32 instruction. A local user can obtain potentially sensitive address information.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU63568

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-45480

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __rds_conn_create() function in net/rds/connection.c. A local user can perform a denial of service attack.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper Handling of Exceptional Conditions

EUVDB-ID: #VU63570

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-0264

CWE-ID: CWE-755 - Improper Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in the Linux kernel's eBPF verifier when handling internal data structures. A local user can leak internal kernel memory details.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Missing initialization of resource

EUVDB-ID: #VU63571

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-0382

CWE-ID: CWE-909 - Missing initialization of resource

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to uninitialized memory in the Linux kernel's TIPC protocol subsystem. A local user can send a TIPC datagram to one or more destinations and read some kernel memory.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Stack-based buffer overflow

EUVDB-ID: #VU61216

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-0435

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Linux kernel networking module for the Transparent Inter-Process Communication (TIPC) protocol. A remote unauthenticated attacker can send specially crafted traffic to the system, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that the TIPC bearer is set up.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU61245

Risk: Low

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2022-0492

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a logic error within the cgroup_release_agent_write() function in  kernel/cgroup/cgroup-v1.c. A local user can use the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

19) Out-of-bounds write

EUVDB-ID: #VU61247

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-0516

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in kvm_s390_guest_sida_op() function in the arch/s390/kvm/kvm-s390.c in KVM for s390 in the Linux kernel. A local user can trigger an out-of-bounds write and escalate privileges on the system.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Memory leak

EUVDB-ID: #VU61392

Risk: High

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-0742

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within igmp6_event_query() and igmp6_event_report() functions in Linux kernel when handling ICMPv6 packets. A remote attacker can flood the system with ICMPv6 messages of type 130 and 131 to cause out-of-memory condition and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU61765

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-1055

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tc_new_tfilter in Linux kernel. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Security restrictions bypass

EUVDB-ID: #VU59896

Risk: Low

CVSSv4.0: 6.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2022-23222

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to availability of pointer arithmetic via certain *_OR_NULL pointer types in kernel/bpf/verifier.c in the Linux kernel. A local user can run a specially crafted program to execute arbitrary code with root privileges.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

23) Heap-based buffer overflow

EUVDB-ID: #VU61672

Risk: Low

CVSSv4.0: 6.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2022-27666

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c in Linux kernel. A local unprivileged user can pass specially crafted data to the system, trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-azure-5.13 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.13.0-1025-oracle (Ubuntu package): before 5.13.0-1025.30~20.04.1

linux-image-5.13.0-1021-azure (Ubuntu package): before 5.13.0-1021.24~20.04.1

linux-image-azure (Ubuntu package): before 5.13.0.1021.24~20.04.10

linux-image-oracle (Ubuntu package): before 5.13.0.1025.30~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5368-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###