Alerts This Week
Warning Icon 1 1,213
Alerts This Week
Warning Icon 1 1,213

Ubuntu 22.04 LTS USN-5915-1 Moderate: Kernel Security Flaws

ubuntu
Calendar Grey March 3, 2023
Dist Ubuntu Esm H88
Addresses fixes for security issues in Ubuntu’s Linux kernel as noted in USN-5915-1, ensuring system integrity.
Several security issues were fixed in the Linux kernel.

Summary

Several security issues were fixed in the Linux kernel.

Software Description:

- linux-oem-6.1: Linux kernel for OEM systems

Details:

It was discovered that the Upper Level Protocol (ULP) subsystem in the

Linux kernel did not properly handle sockets entering the LISTEN state in

certain protocols, leading to a use-after-free vulnerability. A local

attacker could use this to cause a denial of service (system crash) or

possibly execute arbitrary code. (CVE-2023-0461)

Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel

did not properly handle VLAN headers in some situations. A local attacker

could use this to cause a denial of service (system crash) or possibly

execute arbitrary code. (CVE-2023-0179)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux

kernel contained an out-of-bounds write vulnerability. A local attacker

could use this to cause a denial of service (system crash).

(CVE-2022-36280)

Zheng Wang di...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow Ubuntu kernel out-of-bounds use-after-free

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   linux-image-6.1.0-1007-oem      6.1.0-1007.7
   linux-image-oem-22.04c          6.1.0.1007.7

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

https://ubuntu.com/security/notices/USN-5915-1

CVE-2022-36280, CVE-2022-3707, CVE-2022-41218, CVE-2022-4379,

CVE-2022-47929, CVE-2023-0045, CVE-2023-0179, CVE-2023-0210,

CVE-2023-0266, CVE-2023-0461, CVE-2023-23454, CVE-2023-23455

March 03, 2023

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow Ubuntu kernel out-of-bounds use-after-free

Package Information

https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1007.7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here