usn-5381-1
Vulnerability from osv_ubuntu
Published
2022-04-20 19:09
Modified
2026-06-03 10:45
Summary
linux-oem-5.14 vulnerabilities
Details

David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-1015)

It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0494)

It was discovered that the DMA subsystem in the Linux kernel did not properly ensure bounce buffers were completely overwritten by the DMA device. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0854)

Jann Horn discovered that the FUSE file system in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1011)

David Bouman discovered that the netfilter subsystem in the Linux kernel did not initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1016)

Hu Jiahui discovered that multiple race conditions existed in the Advanced Linux Sound Architecture (ALSA) framework, leading to use-after-free vulnerabilities. A local attacker could use these to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1048)

It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958)

It was discovered that the ST21NFCA NFC driver in the Linux kernel did not properly validate the size of certain data in EVT_TRANSACTION events. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-26490)

It was discovered that the USB SR9700 ethernet device driver for the Linux kernel did not properly validate the length of requests from the device. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-26966)

It was discovered that the Xilinx USB2 device gadget driver in the Linux kernel did not properly validate endpoint indices from the host. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-27223)

赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2022-0494",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-0854",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-1011",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-1015",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-1016",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-1048",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-24958",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-26490",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-26966",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-27223",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-28356",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "linux-buildinfo-5.14.0-1033-oem",
            "binary_version": "5.14.0-1033.36"
          },
          {
            "binary_name": "linux-headers-5.14.0-1033-oem",
            "binary_version": "5.14.0-1033.36"
          },
          {
            "binary_name": "linux-image-unsigned-5.14.0-1033-oem",
            "binary_version": "5.14.0-1033.36"
          },
          {
            "binary_name": "linux-modules-5.14.0-1033-oem",
            "binary_version": "5.14.0-1033.36"
          },
          {
            "binary_name": "linux-oem-5.14-headers-5.14.0-1033",
            "binary_version": "5.14.0-1033.36"
          },
          {
            "binary_name": "linux-oem-5.14-tools-5.14.0-1033",
            "binary_version": "5.14.0-1033.36"
          },
          {
            "binary_name": "linux-oem-5.14-tools-host",
            "binary_version": "5.14.0-1033.36"
          },
          {
            "binary_name": "linux-tools-5.14.0-1033-oem",
            "binary_version": "5.14.0-1033.36"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:20.04:LTS",
        "name": "linux-oem-5.14",
        "purl": "pkg:deb/ubuntu/linux-oem-5.14@5.14.0-1033.36?arch=source\u0026distro=focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-1033.36"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.14.0-1004.4",
        "5.14.0-1005.5",
        "5.14.0-1007.7",
        "5.14.0-1008.8",
        "5.14.0-1010.10",
        "5.14.0-1011.11",
        "5.14.0-1013.13",
        "5.14.0-1018.19",
        "5.14.0-1020.22",
        "5.14.0-1022.24",
        "5.14.0-1024.26",
        "5.14.0-1027.30",
        "5.14.0-1029.32",
        "5.14.0-1031.34",
        "5.14.0-1032.35"
      ]
    }
  ],
  "aliases": [],
  "details": "David Bouman discovered that the netfilter subsystem in the Linux kernel\ndid not properly validate passed user register indices. A local attacker\ncould use this to cause a denial of service or possibly execute arbitrary\ncode. (CVE-2022-1015)\n\nIt was discovered that the block layer subsystem in the Linux kernel did\nnot properly initialize memory in some situations. A privileged local\nattacker could use this to expose sensitive information (kernel memory).\n(CVE-2022-0494)\n\nIt was discovered that the DMA subsystem in the Linux kernel did not\nproperly ensure bounce buffers were completely overwritten by the DMA\ndevice. A local attacker could use this to expose sensitive information\n(kernel memory). (CVE-2022-0854)\n\nJann Horn discovered that the FUSE file system in the Linux kernel\ncontained a use-after-free vulnerability. A local attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2022-1011)\n\nDavid Bouman discovered that the netfilter subsystem in the Linux kernel\ndid not initialize memory in some situations. A local attacker could use\nthis to expose sensitive information (kernel memory). (CVE-2022-1016)\n\nHu Jiahui discovered that multiple race conditions existed in the Advanced\nLinux Sound Architecture (ALSA) framework, leading to use-after-free\nvulnerabilities. A local attacker could use these to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2022-1048)\n\nIt was discovered that the USB Gadget file system interface in the Linux\nkernel contained a use-after-free vulnerability. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2022-24958)\n\nIt was discovered that the ST21NFCA NFC driver in the Linux kernel did not\nproperly validate the size of certain data in EVT_TRANSACTION events. A\nphysically proximate attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2022-26490)\n\nIt was discovered that the USB SR9700 ethernet device driver for the Linux\nkernel did not properly validate the length of requests from the device. A\nphysically proximate attacker could possibly use this to expose sensitive\ninformation (kernel memory). (CVE-2022-26966)\n\nIt was discovered that the Xilinx USB2 device gadget driver in the Linux\nkernel did not properly validate endpoint indices from the host. A\nphysically proximate attacker could possibly use this to cause a denial of\nservice (system crash). (CVE-2022-27223)\n\n\u8d75\u5b50\u8f69 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not\nproperly perform reference counting in some error conditions. A local\nattacker could use this to cause a denial of service. (CVE-2022-28356)\n",
  "id": "USN-5381-1",
  "modified": "2026-06-03T10:45:28Z",
  "published": "2022-04-20T19:09:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-5381-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-0494"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-0854"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-1011"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-1015"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-1016"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-1048"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-24958"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-26490"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-26966"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-27223"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-28356"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "linux-oem-5.14 vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2022-0494",
    "UBUNTU-CVE-2022-0854",
    "UBUNTU-CVE-2022-1011",
    "UBUNTU-CVE-2022-1015",
    "UBUNTU-CVE-2022-1016",
    "UBUNTU-CVE-2022-1048",
    "UBUNTU-CVE-2022-24958",
    "UBUNTU-CVE-2022-26490",
    "UBUNTU-CVE-2022-26966",
    "UBUNTU-CVE-2022-27223",
    "UBUNTU-CVE-2022-28356"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…