Ubuntu 5357-1: Linux kernel vulnerability | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up
==========================================================================
Ubuntu Security Notice USN-5357-1
March 31, 2022

linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-hwe, linux-kvm,
linux-snapdragon vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-dell300x: Linux kernel for Dell 300x platforms
- linux-kvm: Linux kernel for cloud environments
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

It was discovered that the IPsec implementation in the Linux
kernel did not properly allocate enough memory when performing ESP
transformations, leading to a heap-based buffer overflow. A local
attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  linux-image-4.15.0-1040-dell300x  4.15.0-1040.45
  linux-image-4.15.0-1112-kvm     4.15.0-1112.115
  linux-image-4.15.0-1125-snapdragon  4.15.0-1125.134
  linux-image-4.15.0-1126-aws     4.15.0-1126.135
  linux-image-4.15.0-1136-azure   4.15.0-1136.149
  linux-image-4.15.0-175-generic  4.15.0-175.184
  linux-image-4.15.0-175-generic-lpae  4.15.0-175.184
  linux-image-4.15.0-175-lowlatency  4.15.0-175.184
  linux-image-aws-lts-18.04       4.15.0.1126.129
  linux-image-azure-lts-18.04     4.15.0.1136.109
  linux-image-dell300x            4.15.0.1040.42
  linux-image-generic             4.15.0.175.164
  linux-image-generic-lpae        4.15.0.175.164
  linux-image-kvm                 4.15.0.1112.108
  linux-image-lowlatency          4.15.0.175.164
  linux-image-snapdragon          4.15.0.1125.128
  linux-image-virtual             4.15.0.175.164

Ubuntu 16.04 ESM:
  linux-image-4.15.0-175-generic  4.15.0-175.184~16.04.1
  linux-image-4.15.0-175-lowlatency  4.15.0-175.184~16.04.1
  linux-image-generic-hwe-16.04   4.15.0.175.167
  linux-image-lowlatency-hwe-16.04  4.15.0.175.167
  linux-image-oem                 4.15.0.175.167
  linux-image-virtual-hwe-16.04   4.15.0.175.167

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://ubuntu.com/security/notices/USN-5357-1
  CVE-2022-27666

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.15.0-175.184
  https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1126.135
  https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1136.149
  https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1040.45
  https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1112.115
  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1125.134

Ubuntu 5357-1: Linux kernel vulnerability

March 30, 2022
The system could be made to crash or run programs as an administrator.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: The system could be made to crash or run programs as an administrator. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-kvm: Linux kernel for cloud environments - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux-hwe: Linux hardware enablement (HWE) kernel Details: It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1040-dell300x 4.15.0-1040.45 linux-image-4.15.0-1112-kvm 4.15.0-1112.115 linux-image-4.15.0-1125-snapdragon 4.15.0-1125.134 linux-image-4.15.0-1126-aws 4.15.0-1126.135 linux-image-4.15.0-1136-azure 4.15.0-1136.149 linux-image-4.15.0-175-generic 4.15.0-175.184 linux-image-4.15.0-175-generic-lpae 4.15.0-175.184 linux-image-4.15.0-175-lowlatency 4.15.0-175.184 linux-image-aws-lts-18.04 4.15.0.1126.129 linux-image-azure-lts-18.04 4.15.0.1136.109 linux-image-dell300x 4.15.0.1040.42 linux-image-generic 4.15.0.175.164 linux-image-generic-lpae 4.15.0.175.164 linux-image-kvm 4.15.0.1112.108 linux-image-lowlatency 4.15.0.175.164 linux-image-snapdragon 4.15.0.1125.128 linux-image-virtual 4.15.0.175.164 Ubuntu 16.04 ESM: linux-image-4.15.0-175-generic 4.15.0-175.184~16.04.1 linux-image-4.15.0-175-lowlatency 4.15.0-175.184~16.04.1 linux-image-generic-hwe-16.04 4.15.0.175.167 linux-image-lowlatency-hwe-16.04 4.15.0.175.167 linux-image-oem 4.15.0.175.167 linux-image-virtual-hwe-16.04 4.15.0.175.167 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References

https://ubuntu.com/security/notices/USN-5357-1

CVE-2022-27666

Severity
Ubuntu Security Notice USN-5357-1

Package Information

https://launchpad.net/ubuntu/+source/linux/4.15.0-175.184 https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1126.135 https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1136.149 https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1040.45 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1112.115 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1125.134

Related News

OpenBSD 7.3 Released With AMD RDNA3 Graphics, Guided Disk Encryption

Latest Release of EuroLinux Desktop – What Will We Find in Version 9.1?

Tails 5.11 Amnesic Incognito Live System Switches to ZRam and Linux Kernel 6.1 LTS

Worried About Security Patching? Here's Why You Need to Switch to Ubuntu Pro

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo