Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : Linux kernel vulnerabilities (USN-5803-1)
critical Nessus Plugin ID 170012
Language:
Synopsis
The remote Ubuntu host is missing one or more security updates.Description
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5803-1 advisory.- Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)
- A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)
- There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url (CVE-2022-42896)
- An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected kernel package.See Also
Plugin Details
Severity: Critical
ID: 170012
File Name: ubuntu_USN-5803-1.nasl
Version: 1.4
Type: local
Agent: unix
Family: Ubuntu Local Security Checks
Published: 1/13/2023
Updated: 1/16/2023
Supported Sensors: Nessus Agent
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: CVSS2#E:U/RL:OF/RC:C
CVSS Score Source: CVE-2022-3643
CVSS v3
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:canonical:ubuntu_linux:20.04:-:lts, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, cpe:/o:canonical:ubuntu_linux:22.10, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1023-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1023-raspi-nolpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1026-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1027-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1027-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1028-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1031-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-generic-64k, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-58-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1015-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1015-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1016-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-1017-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-29-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-29-generic-64k, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-29-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae
Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 1/13/2023
Vulnerability Publication Date: 11/23/2022
Reference Information
CVE: CVE-2022-3643, CVE-2022-42896, CVE-2022-4378, CVE-2022-45934
USN: 5803-1