Ubuntu update for linux
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2021-3506 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2022-0435 CVE-2022-0492 |
| CWE-ID | CWE-125 CWE-20 CWE-416 CWE-200 CWE-121 CWE-264 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #6 is available. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-hwe-16.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-snapdragon (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-hwe-16.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-16.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-dell300x (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws-lts-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-173-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-173-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-173-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1134-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1124-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1123-snapdragon (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1119-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1110-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1090-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.15.0-1038-dell300x (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gke (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws-hwe (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU53007
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3506
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in fs/f2fs/node.c in the f2fs module in the Linux kernel. A local user can trigger out-of-bounds read error and read internal kernel information or crash the system.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-gcp (Ubuntu package): before 5.4.0.1068.53
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-virtual (Ubuntu package): before 4.15.0.173.162
linux-image-snapdragon (Ubuntu package): before 4.15.0.1123.126
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1090.100
linux-image-oracle (Ubuntu package): before 5.4.0.1067.72~18.04.46
linux-image-oem (Ubuntu package): before 5.4.0.105.119~18.04.90
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-lowlatency (Ubuntu package): before 4.15.0.173.162
linux-image-kvm (Ubuntu package): before 4.15.0.1110.106
linux-image-generic-lpae (Ubuntu package): before 4.15.0.173.162
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-generic (Ubuntu package): before 4.15.0.173.162
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1119.138
linux-image-dell300x (Ubuntu package): before 4.15.0.1038.40
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1134.107
linux-image-azure (Ubuntu package): before 5.4.0.1073.52
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1124.127
linux-image-4.15.0-173-lowlatency (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-173-generic-lpae (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-173-generic (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-1134-azure (Ubuntu package): before 4.15.0-1134.147
linux-image-4.15.0-1124-aws (Ubuntu package): before 4.15.0-1124.133
linux-image-4.15.0-1123-snapdragon (Ubuntu package): before 4.15.0-1123.132
linux-image-4.15.0-1119-gcp (Ubuntu package): before 4.15.0-1119.133
linux-image-4.15.0-1110-kvm (Ubuntu package): before 4.15.0-1110.113
linux-image-4.15.0-1090-oracle (Ubuntu package): before 4.15.0-1090.99
linux-image-4.15.0-1038-dell300x (Ubuntu package): before 4.15.0-1038.43
linux-image-gke (Ubuntu package): before 5.8.0.1015.15
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1134-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1124-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1123-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1119-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1110-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1090-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1038-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5339-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU61215
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43976
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c in Linux kernel. An attacker with physical access to the system can insert a specially crafted USB device and perform a denial of service (DoS) attack.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-gcp (Ubuntu package): before 5.4.0.1068.53
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-virtual (Ubuntu package): before 4.15.0.173.162
linux-image-snapdragon (Ubuntu package): before 4.15.0.1123.126
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1090.100
linux-image-oracle (Ubuntu package): before 5.4.0.1067.72~18.04.46
linux-image-oem (Ubuntu package): before 5.4.0.105.119~18.04.90
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-lowlatency (Ubuntu package): before 4.15.0.173.162
linux-image-kvm (Ubuntu package): before 4.15.0.1110.106
linux-image-generic-lpae (Ubuntu package): before 4.15.0.173.162
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-generic (Ubuntu package): before 4.15.0.173.162
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1119.138
linux-image-dell300x (Ubuntu package): before 4.15.0.1038.40
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1134.107
linux-image-azure (Ubuntu package): before 5.4.0.1073.52
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1124.127
linux-image-4.15.0-173-lowlatency (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-173-generic-lpae (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-173-generic (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-1134-azure (Ubuntu package): before 4.15.0-1134.147
linux-image-4.15.0-1124-aws (Ubuntu package): before 4.15.0-1124.133
linux-image-4.15.0-1123-snapdragon (Ubuntu package): before 4.15.0-1123.132
linux-image-4.15.0-1119-gcp (Ubuntu package): before 4.15.0-1119.133
linux-image-4.15.0-1110-kvm (Ubuntu package): before 4.15.0-1110.113
linux-image-4.15.0-1090-oracle (Ubuntu package): before 4.15.0-1090.99
linux-image-4.15.0-1038-dell300x (Ubuntu package): before 4.15.0-1038.43
linux-image-gke (Ubuntu package): before 5.8.0.1015.15
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
CPE2.3- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1134-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1124-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1123-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1119-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1110-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1090-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1038-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5339-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU59100
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2021-44733
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to elevate privileges on the system.
The vulnerability exists due to a use-after-free error in the drivers/tee/tee_shm.c file within the TEE subsystem in the Linux kernel. A local user can trigger a race condition in tee_shm_get_from_id during an attempt to free a shared memory object and execute arbitrary code with elevated privileges.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-gcp (Ubuntu package): before 5.4.0.1068.53
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-virtual (Ubuntu package): before 4.15.0.173.162
linux-image-snapdragon (Ubuntu package): before 4.15.0.1123.126
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1090.100
linux-image-oracle (Ubuntu package): before 5.4.0.1067.72~18.04.46
linux-image-oem (Ubuntu package): before 5.4.0.105.119~18.04.90
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-lowlatency (Ubuntu package): before 4.15.0.173.162
linux-image-kvm (Ubuntu package): before 4.15.0.1110.106
linux-image-generic-lpae (Ubuntu package): before 4.15.0.173.162
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-generic (Ubuntu package): before 4.15.0.173.162
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1119.138
linux-image-dell300x (Ubuntu package): before 4.15.0.1038.40
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1134.107
linux-image-azure (Ubuntu package): before 5.4.0.1073.52
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1124.127
linux-image-4.15.0-173-lowlatency (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-173-generic-lpae (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-173-generic (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-1134-azure (Ubuntu package): before 4.15.0-1134.147
linux-image-4.15.0-1124-aws (Ubuntu package): before 4.15.0-1124.133
linux-image-4.15.0-1123-snapdragon (Ubuntu package): before 4.15.0-1123.132
linux-image-4.15.0-1119-gcp (Ubuntu package): before 4.15.0-1119.133
linux-image-4.15.0-1110-kvm (Ubuntu package): before 4.15.0-1110.113
linux-image-4.15.0-1090-oracle (Ubuntu package): before 4.15.0-1090.99
linux-image-4.15.0-1038-dell300x (Ubuntu package): before 4.15.0-1038.43
linux-image-gke (Ubuntu package): before 5.8.0.1015.15
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
CPE2.3- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1134-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1124-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1123-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1119-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1110-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1090-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1038-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5339-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Information disclosure
EUVDB-ID: #VU61579
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-45095
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a refcount leak within the pep_sock_accept() function in net/phonet/pep.c in the Linux kernel. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-gcp (Ubuntu package): before 5.4.0.1068.53
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-virtual (Ubuntu package): before 4.15.0.173.162
linux-image-snapdragon (Ubuntu package): before 4.15.0.1123.126
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1090.100
linux-image-oracle (Ubuntu package): before 5.4.0.1067.72~18.04.46
linux-image-oem (Ubuntu package): before 5.4.0.105.119~18.04.90
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-lowlatency (Ubuntu package): before 4.15.0.173.162
linux-image-kvm (Ubuntu package): before 4.15.0.1110.106
linux-image-generic-lpae (Ubuntu package): before 4.15.0.173.162
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-generic (Ubuntu package): before 4.15.0.173.162
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1119.138
linux-image-dell300x (Ubuntu package): before 4.15.0.1038.40
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1134.107
linux-image-azure (Ubuntu package): before 5.4.0.1073.52
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1124.127
linux-image-4.15.0-173-lowlatency (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-173-generic-lpae (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-173-generic (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-1134-azure (Ubuntu package): before 4.15.0-1134.147
linux-image-4.15.0-1124-aws (Ubuntu package): before 4.15.0-1124.133
linux-image-4.15.0-1123-snapdragon (Ubuntu package): before 4.15.0-1123.132
linux-image-4.15.0-1119-gcp (Ubuntu package): before 4.15.0-1119.133
linux-image-4.15.0-1110-kvm (Ubuntu package): before 4.15.0-1110.113
linux-image-4.15.0-1090-oracle (Ubuntu package): before 4.15.0-1090.99
linux-image-4.15.0-1038-dell300x (Ubuntu package): before 4.15.0-1038.43
linux-image-gke (Ubuntu package): before 5.8.0.1015.15
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
CPE2.3- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1134-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1124-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1123-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1119-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1110-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1090-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1038-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5339-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Stack-based buffer overflow
EUVDB-ID: #VU61216
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0435
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Linux kernel networking module for the Transparent Inter-Process Communication (TIPC) protocol. A remote unauthenticated attacker can send specially crafted traffic to the system, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that the TIPC bearer is set up.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-gcp (Ubuntu package): before 5.4.0.1068.53
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-virtual (Ubuntu package): before 4.15.0.173.162
linux-image-snapdragon (Ubuntu package): before 4.15.0.1123.126
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1090.100
linux-image-oracle (Ubuntu package): before 5.4.0.1067.72~18.04.46
linux-image-oem (Ubuntu package): before 5.4.0.105.119~18.04.90
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-lowlatency (Ubuntu package): before 4.15.0.173.162
linux-image-kvm (Ubuntu package): before 4.15.0.1110.106
linux-image-generic-lpae (Ubuntu package): before 4.15.0.173.162
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-generic (Ubuntu package): before 4.15.0.173.162
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1119.138
linux-image-dell300x (Ubuntu package): before 4.15.0.1038.40
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1134.107
linux-image-azure (Ubuntu package): before 5.4.0.1073.52
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1124.127
linux-image-4.15.0-173-lowlatency (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-173-generic-lpae (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-173-generic (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-1134-azure (Ubuntu package): before 4.15.0-1134.147
linux-image-4.15.0-1124-aws (Ubuntu package): before 4.15.0-1124.133
linux-image-4.15.0-1123-snapdragon (Ubuntu package): before 4.15.0-1123.132
linux-image-4.15.0-1119-gcp (Ubuntu package): before 4.15.0-1119.133
linux-image-4.15.0-1110-kvm (Ubuntu package): before 4.15.0-1110.113
linux-image-4.15.0-1090-oracle (Ubuntu package): before 4.15.0-1090.99
linux-image-4.15.0-1038-dell300x (Ubuntu package): before 4.15.0-1038.43
linux-image-gke (Ubuntu package): before 5.8.0.1015.15
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
CPE2.3- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1134-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1124-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1123-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1119-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1110-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1090-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1038-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5339-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU61245
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2022-0492
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a logic error within the cgroup_release_agent_write() function in kernel/cgroup/cgroup-v1.c. A local user can use the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 18.04
linux-image-gcp (Ubuntu package): before 5.4.0.1068.53
linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-virtual (Ubuntu package): before 4.15.0.173.162
linux-image-snapdragon (Ubuntu package): before 4.15.0.1123.126
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1090.100
linux-image-oracle (Ubuntu package): before 5.4.0.1067.72~18.04.46
linux-image-oem (Ubuntu package): before 5.4.0.105.119~18.04.90
linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-lowlatency (Ubuntu package): before 4.15.0.173.162
linux-image-kvm (Ubuntu package): before 4.15.0.1110.106
linux-image-generic-lpae (Ubuntu package): before 4.15.0.173.162
linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.173.162
linux-image-generic (Ubuntu package): before 4.15.0.173.162
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1119.138
linux-image-dell300x (Ubuntu package): before 4.15.0.1038.40
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1134.107
linux-image-azure (Ubuntu package): before 5.4.0.1073.52
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1124.127
linux-image-4.15.0-173-lowlatency (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-173-generic-lpae (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-173-generic (Ubuntu package): before 4.15.0-173.182
linux-image-4.15.0-1134-azure (Ubuntu package): before 4.15.0-1134.147
linux-image-4.15.0-1124-aws (Ubuntu package): before 4.15.0-1124.133
linux-image-4.15.0-1123-snapdragon (Ubuntu package): before 4.15.0-1123.132
linux-image-4.15.0-1119-gcp (Ubuntu package): before 4.15.0-1119.133
linux-image-4.15.0-1110-kvm (Ubuntu package): before 4.15.0-1110.113
linux-image-4.15.0-1090-oracle (Ubuntu package): before 4.15.0-1090.99
linux-image-4.15.0-1038-dell300x (Ubuntu package): before 4.15.0-1038.43
linux-image-gke (Ubuntu package): before 5.8.0.1015.15
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1099.92
CPE2.3- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-16.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-lts-18.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-173-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1134-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1124-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1123-snapdragon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1119-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1110-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1090-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-4.15.0-1038-dell300x_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws-hwe_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5339-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
