The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5913-1 advisory.

  - In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could     lead to local escalation of privilege with no additional execution privileges needed. User interaction is     not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References:
    Upstream kernel (CVE-2022-20566)

  - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue     is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The     manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier     of this vulnerability is VDB-211088. (CVE-2022-3565)

  - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in     net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)

  - drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-     space client to corrupt the monitor's internal memory. (CVE-2022-43750)

  - A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel.
    This flaw allows an attacker to conduct a remote denial (CVE-2022-4379)

  - An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in     drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds     read when parsing a Robust Security Network (RSN) information element from a Netlink packet.
    (CVE-2022-47520)

  - The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The     ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL     MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the     TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to     the prctl syscall. The patch that added the support for the conditional mitigation via prctl     (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit     a664ec9158eeddd75121d39c9a0758016097fa96 (CVE-2023-0045)

  - There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local     privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or     CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a     use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can     install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this     socket is disconnected and reused as a listener. If a new socket is created from the listener, the context     is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend     upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c (CVE-2023-0461)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5913-1)

high Nessus Plugin ID 172092

Version 1.3

Version 1.2

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Jan 10, 2024, 8:45 AM Detection (updated detection logic) Plugin metadata Plugin Feed: 202401100845
Version 1.2 Jan 9, 2024, 6:56 PM Plugin metadata Detection (updated detection logic) Plugin Feed: 202401091856
Version 1.2 Oct 23, 2023, 6:27 PM Detection Plugin metadata Plugin Feed: 202310231827
Version 1.1 Aug 31, 2023, 2:16 PM CVSS metrics ("CVSSv2 score" changed from 6.8 to 7.8. "CVSSv2 vector" changed from "CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2022-3565" to "CVE-2023-0045") CVSSv2 severity (based on CVE-2023-0045, severity increased from "Medium" to "High") CVSSv3 score source (set to "CVE-2023-0461") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202308311416
Version 1.0 Mar 5, 2023, 2:01 AM New Plugin Feed: 202303050201