The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5727-1 advisory.

  - In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race     condition. This could lead to local escalation of privilege with no additional execution privileges     needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid     ID: A-237540956References: Upstream kernel (CVE-2022-20422)

  - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it     possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This     flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel     oops condition that results in a denial of service. (CVE-2022-2153)

  - A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function     security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use     this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-2978)

  - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)     when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to     potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read     and copying it into a socket. (CVE-2022-3028)

  - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue     is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation     leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the     identifier assigned to this vulnerability. (CVE-2022-3635)

  - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in     net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)

  - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information     from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
    (CVE-2022-40768)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5727-1)

high Nessus Plugin ID 167770

Version 1.4