Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5594-1)

high Nessus Plugin ID 164654

Language:

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5594-1 advisory.

 - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)

 - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)

 - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)

 - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)

 - A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially (CVE-2022-1943)

 - A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal.
 This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.
 (CVE-2022-1973)

 - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)

 - An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. (CVE-2022-2873)

 - A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring().
 The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-2959)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

https://ubuntu.com/security/notices/USN-5594-1

Plugin Details

Severity: High

ID: 164654

File Name: ubuntu_USN-5594-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 9/2/2022

Updated: 1/17/2023

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2022-1943

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: E:U/RL:O/RC:C

CVSS Score Source: CVE-2022-1012

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:20.04:-:lts, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1002-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1013-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1015-gke, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1017-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1019-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-47-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-47-lowlatency-64k, p-cpe:/a:canonical:ubuntu_linux:linux-image-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-gke, p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 9/2/2022

Vulnerability Publication Date: 2/9/2022

Reference Information

CVE: CVE-2021-33061, CVE-2022-1012, CVE-2022-1729, CVE-2022-1852, CVE-2022-1943, CVE-2022-1973, CVE-2022-2503, CVE-2022-2873, CVE-2022-2959

USN: 5594-1