The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5469-1 advisory.

  - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the     fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user     function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.
    (CVE-2022-0168)

  - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers     concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM     for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the     system. (CVE-2022-1048)

  - A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the     offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw     allows unprivileged local users on the host to write outside the userspace region and potentially corrupt     the kernel, resulting in a denial of service condition. (CVE-2022-1158)

  - A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a     local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device     is detached and reclaim resources early. (CVE-2022-1195)

  - A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an     attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.
    (CVE-2022-1198)

  - A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating     amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free     vulnerability. (CVE-2022-1199)

  - A use-after-free flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the     way a user connects with the protocol. This flaw allows a local user to crash the system. (CVE-2022-1204)

  - A NULL pointer dereference flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality     in the way a user connects with the protocol. This flaw allows a local user to crash the system.
    (CVE-2022-1205)

  - A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled.
    This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a     kernel oops condition that results in a denial of service. (CVE-2022-1263)

  - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This     flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a     leak of internal kernel information. (CVE-2022-1353)

  - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols     functionality in the way a user terminates their session using a simulated Ethernet card and continued     usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)

  - A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function     in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to     leak unauthorized kernel information, causing a denial of service. (CVE-2022-1651)

  - A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux     kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.
    (CVE-2022-1671)

  - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
    An attacker with access to a serial port could trigger the debugger so it is important that the debugger     respect the lockdown mode when/if it is triggered. (CVE-2022-21499)

  - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)

  - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double     free. (CVE-2022-28388)

  - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double     free. (CVE-2022-28389)

  - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
    (CVE-2022-28390)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-5469-1)

high Nessus Plugin ID 161955

Version 1.6

Version 1.5

Version 1.4

Version 1.6 Jan 9, 2024, 6:56 PM Plugin metadata Detection (updated detection logic) Plugin Feed: 202401091856
Version 1.5 Oct 23, 2023, 6:27 PM CVE (set "CVE" coverage to "CVE-2022-0168,CVE-2022-1048,CVE-2022-1158,CVE-2022-1195,CVE-2022-1198,CVE-2022-1199,CVE-2022-1204,CVE-2022-1205,CVE-2022-1263,CVE-2022-1353,CVE-2022-1516,CVE-2022-1651,CVE-2022-1671,CVE-2022-21499,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390") CVSS metrics ("CVSSv2 score" changed from 7.2 to 6.9. "CVSSv2 vector" changed from "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2022-1966" to "CVE-2022-1048") CVSSv2 severity (based on CVE-2022-1048, severity decreased from "High" to "Medium") Detection Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin metadata Plugin Feed: 202310231827
Version 1.4 Jan 18, 2023, 9:01 AM Logic Changes (Added support for s390x) Plugin Feed: 202301180901