SB2023032806 - Ubuntu update for linux-oem-5.14
Published: March 28, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Improper Initialization (CVE-ID: CVE-2022-2196)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization within nVMX in Linux kernel. A local user can perform speculative execution attacks and escalate privileges on the system.
2) Division by zero (CVE-ID: CVE-2022-3061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to missing checks of the "pixclock" value in the Linux kernel i740 driver. A local user can pass arbitrary values to the driver through ioctl() interface, trigger a divide by zero error and perform a denial of service (DoS) attack.
3) Buffer overflow (CVE-ID: CVE-2022-3628)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the brcmf_fweh_event_worker() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c. A local user can use a specially crafted device to trigger memory corruption and escalate privileges on the system.
4) Out-of-bounds write (CVE-ID: CVE-2022-36280)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoo() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in vmwgfx VMWare driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2022-3646)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the nilfs2 filesystem driver within the nilfs_attach_log_writer() function in fs/nilfs2/segment.c in Linux kernel. A remote attacker can trick the victim into mounting a specially crafted image and perform a denial of service (DoS) attack.
6) Use-after-free (CVE-ID: CVE-2022-3649)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the nilfs2 filesystem driver in nilfs_new_inode() function in fs/nilfs2/inode.c in Linux kernel. A remote attacker can trick the victim into mounting a specially crafted image, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
7) Race condition (CVE-ID: CVE-2022-41850)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the roccat_report_event() function in drivers/hid/hid-roccat.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
8) NULL pointer dereference (CVE-ID: CVE-2023-0394)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.
9) Use-after-free (CVE-ID: CVE-2023-0461)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Upper Level Protocol (ULP) subsystem in Linux kernel caused by improper handling of sockets entering the LISTEN state in certain protocols. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.