Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5529-1
HistoryJul 21, 2022 - 12:00 a.m.

Linux kernel (OEM) vulnerabilities

2022-07-2100:00:00
ubuntu.com
78
linux kernel
ubuntu
22.04 lts
oem
atheros ath9k
kvm hypervisor
ntfs file system
netfilter subsystem
intel processors
microarchitectural fill buffers
virtio rpmsg bus driver
floppy disk driver
cve-2022-1679
cve-2022-1789
cve-2022-1852
cve-2022-1973
cve-2022-2078
cve-2022-21123
cve-2022-21125
cve-2022-21166
cve-2022-34494
cve-2022-34495
cve-2022-1652

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

51.5%

JSON

Releases

  • Ubuntu 22.04 LTS

Packages

  • linux-oem-5.17 - Linux kernel for OEM systems

Details

It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)

Yongkang Jia discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle guest TLB mapping invalidation requests in
some situations. An attacker in a guest VM could use this to cause a denial
of service (system crash) in the host OS. (CVE-2022-1789)

Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered that the KVM hypervisor
implementation in the Linux kernel did not properly handle an illegal
instruction in a guest, resulting in a null pointer dereference. An
attacker in a guest VM could use this to cause a denial of service (system
crash) in the host OS. (CVE-2022-1852)

Gerald Lee discovered that the NTFS file system implementation in the Linux
kernel did not properly handle certain error conditions, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly expose sensitive information.
(CVE-2022-1973)

It was discovered that the netfilter subsystem in the Linux kernel
contained a buffer overflow in certain situations. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-2078)

It was discovered that some Intel processors did not completely perform
cleanup actions on multi-core shared buffers. A local attacker could
possibly use this to expose sensitive information. (CVE-2022-21123)

It was discovered that some Intel processors did not completely perform
cleanup actions on microarchitectural fill buffers. A local attacker could
possibly use this to expose sensitive information. (CVE-2022-21125)

It was discovered that some Intel processors did not properly perform
cleanup during specific special register write operations. A local attacker
could possibly use this to expose sensitive information. (CVE-2022-21166)

It was discovered that the virtio RPMSG bus driver in the Linux kernel
contained a double-free vulnerability in certain error conditions. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-34494, CVE-2022-34495)

Minh Yuan discovered that the floppy disk driver in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2022-1652)

Related

openvas 20
nessus 51
osv 15
rocky 3
vmware 1
almalinux 2
xen 1
redhat 12
oraclelinux 13
ubuntu 5
fedora 5
malwarebytes 1
mageia 4
hp 1
intel 1
mscve 3
citrix 1
debian 2
centos 1
f5 1
ibm 1
cbl_mariner 8
redhatcve 5
ubuntucve 5
cve 6
debiancve 6
nvd 7
cvelist 7
prion 4
veracode 3
rosalinux 1
photon 1
altlinux 1
githubexploit 1
openvas
openvas
Ubuntu: Security Advisory (USN-5529-1)
2022-07-21 00:00:00
Fedora: Security Advisory for xen (FEDORA-2022-925fc688c1)
2022-07-02 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2022-177a008b98)
2022-06-19 00:00:00
nessus
nessus
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5529-1)
2022-07-21 00:00:00
Scientific Linux Security Update : kernel on SL7.x x86_64 (2022:5937)
2022-08-10 00:00:00
RHEL 8 : kernel-rt (RHSA-2022:6437)
2022-09-13 00:00:00
osv
osv
linux-oem-5.17 vulnerabilities
2022-07-21 00:00:38
Moderate: kernel-rt security and bug fix update
2022-09-13 00:00:00
Moderate: kernel-rt security and bug fix update
2022-09-13 07:36:33
rocky
rocky
kernel-rt security and bug fix update
2022-09-13 07:36:33
kernel security, bug fix, and enhancement update
2022-09-13 07:37:13
microcode_ctl bug fix and enhancement update
2022-11-02 13:51:49
vmware
vmware
VMware ESXi addresses DirectPath I/O (PCI-Passthrough) Information Leak vulnerabilities (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166)
2022-06-14 00:00:00
almalinux
almalinux
Moderate: kernel security, bug fix, and enhancement update
2022-09-13 00:00:00
Moderate: kernel-rt security and bug fix update
2022-09-13 00:00:00
xen
xen
x86: MMIO Stale Data vulnerabilities
2022-06-14 18:21:00
redhat
redhat
(RHSA-2022:6437) Moderate: kernel-rt security and bug fix update
2022-09-13 07:36:33
(RHSA-2022:6460) Moderate: kernel security, bug fix, and enhancement update
2022-09-13 07:37:13
(RHSA-2022:5939) Moderate: kernel-rt security and bug fix update
2022-08-09 09:27:49
oraclelinux
oraclelinux
kernel security and bug fix update
2022-08-11 00:00:00
kernel security, bug fix, and enhancement update
2022-09-14 00:00:00
microcode_ctl security update
2022-08-01 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-06-17 00:00:00
Linux kernel (OEM) vulnerabilities
2022-07-01 00:00:00
Linux kernel (OEM) vulnerabilities
2022-07-13 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: xen-4.16.1-4.fc36
2022-07-01 01:09:33
[SECURITY] Fedora 36 Update: kernel-5.18.5-200.fc36
2022-06-17 01:16:22
[SECURITY] Fedora 35 Update: kernel-5.18.5-100.fc35
2022-06-18 01:45:12
malwarebytes
malwarebytes
Intel CPU vulnerabilities fixed. But should you update?
2023-03-06 07:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2022-06-29 19:18:17
Updated kernel-linus packages fix security vulnerabilities
2022-06-29 19:18:17
Updated kernel-linus packages fix security vulnerabilities
2022-06-13 23:44:20
hp
hp
Intel® Processors June 2022 Security Update
2022-06-14 00:00:00
intel
intel
Intel® Processors MMIO Stale Data Advisory
2022-10-19 00:00:00
mscve
mscve
Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities
2022-06-14 07:00:00
Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR)
2022-06-14 07:00:00
Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS)
2022-06-14 07:00:00
citrix
citrix
Citrix Hypervisor Security Update
2022-06-23 20:06:39
debian
debian
[SECURITY] [DSA 5178-1] intel-microcode security update
2022-07-06 13:12:52
[SECURITY] [DSA 5184-1] xen security update
2022-07-15 18:05:47
centos
centos
bpftool, kernel, perf, python security update
2022-08-15 17:35:43
f5
f5
K04808933 : Intel Processors MMIO Stale Data Advisory vulnerabilities CVE-2022-21123, CVE-2022-21125, and CVE-2022-21127
2022-07-18 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Intel Processors affect IBM Cloud Pak System
2023-03-31 15:06:36
cbl_mariner
cbl_mariner
CVE-2022-34495 affecting package kernel for versions less than 5.15.55.1-1
2022-08-03 21:15:19
CVE-2022-34495 affecting package kernel 5.10.123.1-1
2022-08-12 16:45:24
CVE-2022-34494 affecting package kernel for versions less than 5.15.55.1-1
2022-08-03 21:15:19
redhatcve
redhatcve
CVE-2022-34495
2022-06-29 13:36:46
CVE-2022-34494
2022-06-29 13:36:39
CVE-2022-2078
2022-06-14 08:30:15
ubuntucve
ubuntucve
CVE-2022-34495
2022-06-26 00:00:00
CVE-2022-34494
2022-06-26 00:00:00
CVE-2022-1852
2022-06-30 00:00:00
cve
cve
CVE-2022-34495
2022-06-26 16:15:07
CVE-2022-34494
2022-06-26 16:15:07
CVE-2022-2078
2022-06-30 13:15:08
debiancve
debiancve
CVE-2022-34495
2022-06-26 16:15:07
CVE-2022-34494
2022-06-26 16:15:07
CVE-2022-2078
2022-06-30 13:15:08
nvd
nvd
CVE-2022-34495
2022-06-26 16:15:07
CVE-2022-34494
2022-06-26 16:15:07
CVE-2022-1852
2022-06-30 13:15:08
cvelist
cvelist
CVE-2022-34495
2022-06-26 15:28:07
CVE-2022-34494
2022-06-26 15:28:19
CVE-2022-1852
2022-06-30 12:42:20
prion
prion
Double free
2022-06-26 16:15:00
Double free
2022-06-26 16:15:00
Buffer overflow
2022-06-30 13:15:00
veracode
veracode
NULL Pointer Dereference
2023-02-03 23:01:31
Denial Of Service (DoS)
2022-10-06 22:50:51
Information Disclosure
2022-06-16 21:06:02
rosalinux
rosalinux
Advisory ROSA-SA-2022-2056
2022-12-06 10:20:53
photon
photon
Critical Photon OS Security Update - PHSA-2022-0238
2022-08-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package kernel-image-std-def version 2:5.10.121-alt1
2022-06-15 00:00:00
githubexploit
githubexploit
Exploit for Stack-based Buffer Overflow in Linux Linux Kernel
2023-03-06 12:49:29

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

51.5%

JSON
Related for USN-5529-1
openvas20nessus51osv15rocky3vmware1almalinux2xen1redhat12oraclelinux13ubuntu5fedora5malwarebytes1mageia4hp1intel1mscve3citrix1debian2centos1f51ibm1cbl_mariner8redhatcve5ubuntucve5cve6debiancve6nvd7cvelist7prion4veracode3rosalinux1photon1altlinux1githubexploit1