usn-5703-1
Vulnerability from osv_ubuntu
Published
2022-10-26 21:26
Modified
2026-06-03 10:45
Summary
linux-intel-iotg vulnerabilities
Details

Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1882)

Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373)

Eric Biggers discovered that a use-after-free vulnerability existed in the io_uring subsystem in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3176)

It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879)

Jann Horn discovered that the KVM subsystem in the Linux kernel did not properly handle TLB flush operations in some situations. A local attacker in a guest VM could use this to cause a denial of service (guest crash) or possibly execute arbitrary code in the guest kernel. (CVE-2022-39189)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2022-1882",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-3176",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-26373",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-36879",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-39189",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:22.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "linux-buildinfo-5.15.0-1017-intel-iotg",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-cloud-tools-5.15.0-1017-intel-iotg",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-headers-5.15.0-1017-intel-iotg",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-image-unsigned-5.15.0-1017-intel-iotg",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-intel-iotg-cloud-tools-5.15.0-1017",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-intel-iotg-cloud-tools-common",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-intel-iotg-headers-5.15.0-1017",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-intel-iotg-tools-5.15.0-1017",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-intel-iotg-tools-common",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-intel-iotg-tools-host",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-modules-5.15.0-1017-intel-iotg",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-modules-extra-5.15.0-1017-intel-iotg",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-modules-iwlwifi-5.15.0-1017-intel-iotg",
            "binary_version": "5.15.0-1017.22"
          },
          {
            "binary_name": "linux-tools-5.15.0-1017-intel-iotg",
            "binary_version": "5.15.0-1017.22"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "linux-intel-iotg",
        "purl": "pkg:deb/ubuntu/linux-intel-iotg@5.15.0-1017.22?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.15.0-1017.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.15.0-1004.6",
        "5.15.0-1008.11",
        "5.15.0-1010.14",
        "5.15.0-1013.17",
        "5.15.0-1015.20",
        "5.15.0-1016.21"
      ]
    }
  ],
  "aliases": [],
  "details": "Selim Enes Karaduman discovered that a race condition existed in the\nGeneral notification queue implementation of the Linux kernel, leading to a\nuse-after-free vulnerability. A local attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2022-1882)\n\nPawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan\nand Ariel Sabba discovered that some Intel processors with Enhanced\nIndirect Branch Restricted Speculation (eIBRS) did not properly handle RET\ninstructions after a VM exits. A local attacker could potentially use this\nto expose sensitive information. (CVE-2022-26373)\n\nEric Biggers discovered that a use-after-free vulnerability existed in the\nio_uring subsystem in the Linux kernel. A local attacker could possibly use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2022-3176)\n\nIt was discovered that the Netlink Transformation (XFRM) subsystem in the\nLinux kernel contained a reference counting error. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2022-36879)\n\nJann Horn discovered that the KVM subsystem in the Linux kernel did not\nproperly handle TLB flush operations in some situations. A local attacker\nin a guest VM could use this to cause a denial of service (guest crash) or\npossibly execute arbitrary code in the guest kernel. (CVE-2022-39189)\n\n",
  "id": "USN-5703-1",
  "modified": "2026-06-03T10:45:30Z",
  "published": "2022-10-26T21:26:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-5703-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-1882"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-3176"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-26373"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-36879"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-39189"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "linux-intel-iotg vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2022-1882",
    "UBUNTU-CVE-2022-3176",
    "UBUNTU-CVE-2022-26373",
    "UBUNTU-CVE-2022-36879",
    "UBUNTU-CVE-2022-39189"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…