SB2022081847 - Ubuntu update for linux-aws

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022081847

SB2022081847 - Ubuntu update for linux-aws

Published: August 18, 2022

Security Bulletin ID SB2022081847
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2022-26365)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.


2) Information disclosure (CVE-ID: CVE-2022-33740)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.


3) Information disclosure (CVE-ID: CVE-2022-33741)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.


Remediation

Install update from vendor's website.

References