LSN-0090-1: Kernel Live Patch Security Notice
16 November 2022
Several security issues were fixed in the kernel.
Releases
Software Description
- aws - Linux kernel for Amazon Web Services (AWS) systems - (>= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000)
- aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
- aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems - (>= 5.4.0-1069)
- azure - Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 5.15.0-1000)
- azure-5.4 - Linux kernel for Microsoft Azure cloud systems - (>= 5.4.0-1069)
- gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009, >= 5.15.0-1000)
- gcp-5.15 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
- gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1069)
- generic-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
- gke - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033, >= 5.15.0-1000)
- gke-5.15 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.15.0-1000)
- gke-5.4 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
- gkeop - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
- gkeop-5.4 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
- ibm - Linux kernel for IBM cloud systems - (>= 5.4.0-1009, >= 5.15.0-1000)
- ibm-5.4 - Linux kernel for IBM cloud systems - (>= 5.4.0-1009)
- linux - Linux kernel - (>= 5.15.0-24)
- lowlatency - Linux low latency kernel - (>= 5.15.0-25)
- lowlatency-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
Details
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not properly validate passed user register indices. A local attacker
could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2022-1015)
David Bouman and Billy Jheng Bing Jhong discovered that a race condition
existed in the io_uring subsystem in the Linux kernel, leading to a use-
after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.(CVE-2022-2602)
Sönke Huster discovered that an integer overflow vulnerability existed
in the WiFi driver stack in the Linux kernel, leading to a buffer
overflow. A physically proximate attacker could use this to cause an
denial of service (system crash) or possibly execute arbitrary code.(CVE-2022-41674)
Sönke Huster discovered that the WiFi driver stack in the Linux kernel did
not properly perform reference counting in some situations, leading to a
use-after-free vulnerability. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-42720)
Sönke Huster discovered that the WiFi driver stack in the Linux kernel did
not properly handle BSSID/SSID lists in some situations. A physically
proximate attacker could use this to cause a denial of service (infinite
loop). (CVE-2022-42721)
Sönke Huster discovered that the WiFi driver stack in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2022-42722)
Checking update status
The problem can be corrected in these Livepatch versions:
| Kernel type | 22.04 | 20.04 | 18.04 |
|---|---|---|---|
| aws | 90.3 | 90.2 | — |
| aws-5.15 | — | 90.3 | — |
| aws-5.4 | — | — | 90.2 |
| azure | 90.2 | 90.2 | — |
| azure-5.4 | — | — | 90.2 |
| gcp | 90.3 | 90.2 | — |
| gcp-5.15 | — | 90.3 | — |
| gcp-5.4 | — | — | 90.2 |
| generic-5.4 | — | 90.2 | 90.2 |
| gke | 90.3 | 90.2 | — |
| gke-5.15 | — | 90.3 | — |
| gke-5.4 | — | — | 90.2 |
| gkeop | — | 90.2 | — |
| gkeop-5.4 | — | — | 90.2 |
| ibm | 90.2 | 90.2 | — |
| ibm-5.4 | — | — | 90.2 |
| linux | 90.2 | — | — |
| lowlatency | 90.2 | — | — |
| lowlatency-5.4 | — | 90.2 | 90.2 |
To check your kernel type and Livepatch version, enter this command:
canonical-livepatch status