{"id":"USN-5471-1","summary":"linux-oem-5.17 vulnerabilities","details":"It was discovered that the Linux kernel did not properly restrict access to\nthe kernel debugger when booted in secure boot environments. A privileged\nattacker could use this to bypass UEFI Secure Boot restrictions.\n(CVE-2022-21499)\n\nAaron Adams discovered that the netfilter subsystem in the Linux kernel did\nnot properly handle the removal of stateful expressions in some situations,\nleading to a use-after-free vulnerability. A local attacker could use this\nto cause a denial of service (system crash) or execute arbitrary code.\n(CVE-2022-1966)\n\nMoshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation\nin the Linux kernel did not provide sufficient randomization when\ncalculating port offsets. An attacker could possibly use this to expose\nsensitive information. (CVE-2022-1012)\n\nDuoming Zhou discovered race conditions in the AX.25 amateur radio protocol\nimplementation in the Linux kernel, leading to use-after-free\nvulnerabilities. A local attacker could possibly use this to cause a denial\nof service (system crash). (CVE-2022-1205)\n\nIt was discovered that the Marvell NFC device driver implementation in the\nLinux kernel did not properly perform memory cleanup operations in some\nsituations, leading to a use-after-free vulnerability. A local attacker\ncould possibly use this to cause a denial of service (system crash) or\nexecute arbitrary code. (CVE-2022-1734)\n\nMinh Yuan discovered that the floppy driver in the Linux kernel contained a\nrace condition in some situations, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2022-1836)\n\nZiming Zhang discovered that the netfilter subsystem in the Linux kernel\ndid not properly validate sets with multiple ranged fields. A local\nattacker could use this to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1972)\n\nJoseph Ravichandran and Michael Wang discovered that the io_uring subsystem\nin the Linux kernel did not properly initialize data in some situations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2022-29968)\n","modified":"2026-04-27T16:19:03.938654631Z","published":"2022-06-08T05:03:04Z","related":["UBUNTU-CVE-2022-1012","UBUNTU-CVE-2022-1205","UBUNTU-CVE-2022-1734","UBUNTU-CVE-2022-1836","UBUNTU-CVE-2022-1966","UBUNTU-CVE-2022-1972","UBUNTU-CVE-2022-21499","UBUNTU-CVE-2022-29968"],"upstream":["CVE-2022-1012","CVE-2022-1205","CVE-2022-1734","CVE-2022-1836","CVE-2022-1966","CVE-2022-1972","CVE-2022-21499","CVE-2022-29968","UBUNTU-CVE-2022-1012","UBUNTU-CVE-2022-1205","UBUNTU-CVE-2022-1734","UBUNTU-CVE-2022-1836","UBUNTU-CVE-2022-1966","UBUNTU-CVE-2022-1972","UBUNTU-CVE-2022-21499","UBUNTU-CVE-2022-29968"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5471-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1012"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1205"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1734"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1836"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1966"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1972"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-21499"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-29968"}],"affected":[{"package":{"name":"linux-oem-5.17","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/linux-oem-5.17@5.17.0-1011.12?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.17.0-1011.12"}]}],"versions":["5.17.0-1003.3","5.17.0-1004.4","5.17.0-1006.6"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-buildinfo-5.17.0-1011-oem","binary_version":"5.17.0-1011.12"},{"binary_name":"linux-headers-5.17.0-1011-oem","binary_version":"5.17.0-1011.12"},{"binary_name":"linux-image-unsigned-5.17.0-1011-oem","binary_version":"5.17.0-1011.12"},{"binary_name":"linux-modules-5.17.0-1011-oem","binary_version":"5.17.0-1011.12"},{"binary_name":"linux-modules-iwlwifi-5.17.0-1011-oem","binary_version":"5.17.0-1011.12"},{"binary_name":"linux-oem-5.17-headers-5.17.0-1011","binary_version":"5.17.0-1011.12"},{"binary_name":"linux-oem-5.17-tools-5.17.0-1011","binary_version":"5.17.0-1011.12"},{"binary_name":"linux-oem-5.17-tools-host","binary_version":"5.17.0-1011.12"},{"binary_name":"linux-tools-5.17.0-1011-oem","binary_version":"5.17.0-1011.12"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5471-1.json","cves_map":{"cves":[{"id":"CVE-2022-1012","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-1205","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-1734","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-1836","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-1966","severity":[{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2022-1972","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-21499","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2022-29968","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.5"}