Ubuntu update for linux-aws
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 51 |
| CVE-ID | CVE-2020-36516 CVE-2021-26401 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-3428 CVE-2021-3659 CVE-2021-3669 CVE-2021-3732 CVE-2021-3772 CVE-2021-4149 CVE-2021-4203 CVE-2021-45868 CVE-2022-0487 CVE-2022-0494 CVE-2022-0617 CVE-2022-1016 CVE-2022-1195 CVE-2022-1205 CVE-2022-1462 CVE-2022-1516 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20572 CVE-2022-2318 CVE-2022-2380 CVE-2022-2503 CVE-2022-2663 CVE-2022-2991 CVE-2022-3061 CVE-2022-3111 CVE-2022-3303 CVE-2022-3628 CVE-2022-36280 CVE-2022-3646 CVE-2022-36879 CVE-2022-3903 CVE-2022-39188 CVE-2022-41218 CVE-2022-41849 CVE-2022-41850 CVE-2022-4662 CVE-2022-47929 CVE-2023-0394 CVE-2023-1074 CVE-2023-1095 CVE-2023-1118 CVE-2023-23455 CVE-2023-26545 CVE-2023-26607 |
| CWE-ID | CWE-327 CWE-200 CWE-400 CWE-190 CWE-476 CWE-264 CWE-345 CWE-667 CWE-416 CWE-125 CWE-248 CWE-863 CWE-20 CWE-122 CWE-369 CWE-119 CWE-787 CWE-399 CWE-362 CWE-284 CWE-401 CWE-843 CWE-415 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #14 is available. Public exploit code for vulnerability #40 is available. |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-4.4.0-1155-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 51 vulnerabilities.
1) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU66811
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36516
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) or MitM attacks.
The vulnerability exists due to an error in the mixed IPID assignment method with the hash-based IPID assignment policy in Linux kernel. A remote attacker can inject data into a victim's TCP session or terminate that session.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU61566
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26401
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within LFENCE/JMP. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU63563
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28711
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper limits for number of events driver domains could send to other guest VMs. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource exhaustion
EUVDB-ID: #VU63564
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28712
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper limits for number of events driver domains could send to other guest VMs. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource exhaustion
EUVDB-ID: #VU63565
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28713
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper limits for number of events driver domains could send to other guest VMs. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Integer overflow
EUVDB-ID: #VU51551
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3428
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in fs/ext4/extents.c in ext4_es_cache_extent() function, if an extent tree is corrupted in a crafted ext4 filesystem. A local user can mount a specially crafted filesystem and perform a denial of service (DoS) attack.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU74547
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3659
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local usre to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the way the user closes the LR-WPAN connection within the IEEE 802.15.4 wireless networking subsystem. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource exhaustion
EUVDB-ID: #VU63911
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3669
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to measuring usage of the shared memory does not scale with large shared memory segment counts. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU74548
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3732
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in the way the user mounts the TmpFS filesystem with OverlayFS. A local user can gain access to hidden files that should not be accessible.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Insufficient verification of data authenticity
EUVDB-ID: #VU63835
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3772
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to insufficient verification of data authenticity in the Linux SCTP stack. A remote attacker can exploit this vulnerability to perform a denial of service attack.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper locking
EUVDB-ID: #VU64071
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4149
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.
The vulnerability exists in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. A local user can exploit this vulnerability to cause a deadlock, resulting in a denial of service condition.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU63838
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4203
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in sock_getsockopt() function in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() function (and connect() function) in the Linux kernel. A local user can exploit the use-after-free error and crash the system or escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU63422
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-45868
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial-of-service attack.
The vulnerability exists due to fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). A local user can trigger use-after-free error and perform a denial-of-service attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU61181
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-0487
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. A local user can trigger a use-after-free error and gain access to sensitive information.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
15) Information disclosure
EUVDB-ID: #VU64259
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0494
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the scsi_ioctl() function in drivers/scsi/scsi_ioctl.c in the Linux kernel. A local user with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) NULL pointer dereference
EUVDB-ID: #VU61210
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0617
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system functionality. A local user can supply a malicious UDF image to the udf_file_write_iter() function and perform a denial of service (DoS) attack.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU62028
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1016
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in net/netfilter/nf_tables_core.c:nft_do_chain in Linux kernel.. A local user can trigger a use-after-free error and gain access to sensitive information.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU63430
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1195
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the drivers/net/hamradio. A local user can cause a denial of service (DOS) when the mkiss or sixpack device is detached.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU63433
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1205
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a null pointer dereference and use after free errors in the net/ax25/ax25_timer.c. A local user can simulate Amateur Radio and perform a denial of service (DoS) attack.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU66591
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1462
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the the Linux kernel’s TeleTYpe subsystem caused by a race condition when using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory file. A local user can trigger an out-of-bounds read error and crash the system or read random kernel memory.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU63158
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1516
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference error in the Linux kernel’s X.25 set of standardized network protocols functionality. A local user can terminate session using a simulated Ethernet card and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU64263
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1974
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. A local attacker with CAP_NET_ADMIN privilege can leak kernel information and escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Uncaught Exception
EUVDB-ID: #VU64264
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1975
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker on the local network to perform a denial of service (DoS) attack.
The vulnerability exists due to an uncaught exception error in the Linux kernel. A remote attacker on the local network can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Information disclosure
EUVDB-ID: #VU64136
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20132
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the USB HID component in Linux Kernel. A local user can trigger the vulnerability to gain access to potentially sensitive information.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Incorrect authorization
EUVDB-ID: #VU74549
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20572
CWE-ID:
CWE-863 - Incorrect Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a missing permission check within the verity_target() function in dm-verity-target.c. A local user can modify read-only files and escalate privileges on the system.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use-after-free
EUVDB-ID: #VU65318
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2318
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error caused by timer handler in net/rose/rose_timer.c of linux. A local user can exploit the vulnerability to perform a denial of service attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU65288
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2380
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the Linux kernel framebuffer within the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. A local user can trigger ab out-of-bounds read error and crash the system.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU66810
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2503
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way dm-verity is used to restrict module/firmware loads to trusted root filesystem in LoadPin builds. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Input validation error
EUVDB-ID: #VU67510
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2663
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass firewall rules.
The vulnerability exists due to insufficient validation of user-supplied input in nf_conntrack_irc in Linux kernel. A remote attacker can send unencrypted IRC with nf_conntrack_irc configured and bypass configured firewall rules.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Heap-based buffer overflow
EUVDB-ID: #VU67476
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2991
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the LightNVM subsystem in Linux kernel. A local user can execute arbitrary code on the system with kernel privileges.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Division by zero
EUVDB-ID: #VU68516
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3061
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to missing checks of the "pixclock" value in the Linux kernel i740 driver. A local user can pass arbitrary values to the driver through ioctl() interface, trigger a divide by zero error and perform a denial of service (DoS) attack.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) NULL pointer dereference
EUVDB-ID: #VU71540
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3111
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the free_charger_irq() function in drivers/power/supply/wm8350_power.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU68338
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3303
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel sound subsystem due to improper locking when handling the SNDCTL_DSP_SYNC ioctl. A privileged local user can trigger a NULL pointer dereference error and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Buffer overflow
EUVDB-ID: #VU69803
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3628
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the brcmf_fweh_event_worker() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c. A local user can use a specially crafted device to trigger memory corruption and escalate privileges on the system.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds write
EUVDB-ID: #VU71480
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36280
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoo() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in vmwgfx VMWare driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU69299
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3646
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the nilfs2 filesystem driver within the nilfs_attach_log_writer() function in fs/nilfs2/segment.c in Linux kernel. A remote attacker can trick the victim into mounting a specially crafted image and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Resource management error
EUVDB-ID: #VU66550
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36879
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the xfrm_expand_policies() function in net/xfrm/xfrm_policy.c. A local user can cause the refcount to be dropped twice and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Resource management error
EUVDB-ID: #VU70465
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3903
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect read request flaw in the Infrared Transceiver USB driver in Linux kernel. An attacker with physical access to the system can starve system resources and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Race condition
EUVDB-ID: #VU67478
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39188
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within include/asm-generic/tlb.h in the Linux kernel. A local user can exploit the race and escalate privileges on the system.
Note, this only occurs in situations with VM_PFNMAP VMAs.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Use-after-free
EUVDB-ID: #VU67657
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-41218
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_demux_open() and dvb_dmxdev_release() function in drivers/media/dvb-core/dmxdev.c in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
41) Race condition
EUVDB-ID: #VU68340
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41849
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in the drivers/video/fbdev/smscufx.c in the Linux kernel. An attacker with physical proximity to the system can remove the USB device while calling open(), cause a race condition between the ufx_ops_open and ufx_usb_disconnect and perform a denial of service (DoS) attack.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Race condition
EUVDB-ID: #VU69792
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41850
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the roccat_report_event() function in drivers/hid/hid-roccat.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper access control
EUVDB-ID: #VU71541
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4662
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the Linux kernel USB core subsystem in the way user attaches usb device. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) NULL pointer dereference
EUVDB-ID: #VU71479
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47929
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the traffic control subsystem in Linux kernel. A local user can pass pass a specially crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) NULL pointer dereference
EUVDB-ID: #VU71352
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0394
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Memory leak
EUVDB-ID: #VU74124
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in Linux kernel Stream Control Transmission Protocol. A local user can start a malicious network service and then connect to remotely, forcing the kernel to leak memory.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) NULL pointer dereference
EUVDB-ID: #VU73783
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1095
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the nf_tables_updtable() function within the netfilter subsystem. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Use-after-free
EUVDB-ID: #VU72734
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1118
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel integrated infrared receiver/transceiver driver "drivers/media/rc/ene_ir.c" when detaching rc device. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Type Confusion
EUVDB-ID: #VU71477
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23455
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error within the atm_tc_enqueue() function in net/sched/sch_atm.c in the Linux kernel. A local user can trigger a type confusion error and perform a denial of service (DoS) attack.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Double Free
EUVDB-ID: #VU73766
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-26545
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a double free in net/mpls/af_mpls.c during the renaming of a device. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Out-of-bounds read
EUVDB-ID: #VU74125
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-26607
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ntfs_attr_find() function in fs/ntfs/attrib.c in Linux kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 16.04
linux-image-4.4.0-1155-aws (Ubuntu package): before Ubuntu Pro
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6001-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
