The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5815-1 advisory.

  - In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free.
    This could lead to local escalation of privilege with no additional execution privileges needed. User     interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-239630375References: Upstream kernel (CVE-2022-20421)

  - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and     incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted     IRC with nf_conntrack_irc configured. (CVE-2022-2663)

  - Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver     through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by     zero error. (CVE-2022-3061)

  - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead     to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or     member of the audio group) could use this flaw to crash the system, resulting in a denial of service     condition (CVE-2022-3303)

  - A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb     enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed)     into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of     service. (CVE-2022-3586)

  - A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects     the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The     manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a     patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. (CVE-2022-3646)

  - An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in     drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an     integer overflow and bypassing the size check. After that, because it is used as the third argument to     copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can     actually happen. (CVE-2022-39842)

  - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a     race condition with a resultant use-after-free. (CVE-2022-40307)

  - A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in     drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and     gain escalation of privileges. (CVE-2022-4095)

  - drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-     space client to corrupt the monitor's internal memory. (CVE-2022-43750)

  - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race     condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale     TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-5815-1)

high Nessus Plugin ID 170187

Version 1.3

Version 1.2

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Jan 10, 2024, 8:45 AM Plugin metadata Detection (updated detection logic) Plugin Feed: 202401100845
Version 1.2 Jan 9, 2024, 6:56 PM Plugin metadata Detection (updated detection logic) Plugin Feed: 202401091856
Version 1.2 Oct 21, 2023, 5:06 AM CVE (set "CVE" coverage to "CVE-2022-2663,CVE-2022-3061,CVE-2022-3303,CVE-2022-3586,CVE-2022-3646,CVE-2022-39188,CVE-2022-4095,CVE-2022-20421,CVE-2022-39842,CVE-2022-40307,CVE-2022-43750") Detection Plugin metadata Plugin Feed: 202310210506
Version 1.1 Sep 7, 2023, 2:20 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2022-43750" to "CVE-2022-4095") CVSSv3 score source (set to "CVE-2022-4095") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202309071420
Version 1.0 Jan 20, 2023, 7:59 AM New Plugin Feed: 202301200759