Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

Ubuntu 22.10: USN-5708-1 Critical Backport-Iwlwifi-Dkms Denial of Service

ubuntu
Calendar Grey November 1, 2022
Dist Ubuntu Esm H88
Uncover the Ubuntu Security Bulletin USN-5708-1 which tackles security flaws in the backport-iwlwifi-dkms package for significant Ubuntu releases.
Several security issues were fixed in backport-iwlwifi-dkms.

Summary

Several security issues were fixed in backport-iwlwifi-dkms.

Software Description:

- backport-iwlwifi-dkms: iwlwifi driver backport in DKMS format

Details:

Sönke Huster discovered that an integer overflow vulnerability existed in

the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A

physically proximate attacker could use this to cause a denial of service

(system crash) or possibly execute arbitrary code. (CVE-2022-41674)

Sönke Huster discovered that a use-after-free vulnerability existed in the

WiFi driver stack in the Linux kernel. A physically proximate attacker

could use this to cause a denial of service (system crash) or possibly

execute arbitrary code. (CVE-2022-42719)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did

not properly perform reference counting in some situations, leading to a

use-after-free vulnerability. A physically proximate attacker could use

this to cause a denial of service (system ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  backport-iwlwifi-dkms           9904-0ubuntu3.1

Ubuntu 22.04 LTS:
  backport-iwlwifi-dkms           9858-0ubuntu3.1

Ubuntu 20.04 LTS:
  backport-iwlwifi-dkms           8324-0ubuntu3~20.04.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5708-1

CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721,

CVE-2022-42722,

Severity
critical
Lowest
Low
Medium
High
Critical

November 01, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.