{"id":"USN-5728-3","summary":"linux-gcp-5.4 vulnerabilities","details":"Jann Horn discovered that the Linux kernel did not properly track memory\nallocations for anonymous VMA mappings in some situations, leading to\npotential data structure reuse. A local attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2022-42703)\n\nIt was discovered that a race condition existed in the memory address space\naccounting implementation in the Linux kernel, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2022-41222)\n\nIt was discovered that a race condition existed in the instruction emulator\nof the Linux kernel on Arm 64-bit systems. A local attacker could use this\nto cause a denial of service (system crash). (CVE-2022-20422)\n\nIt was discovered that the KVM implementation in the Linux kernel did not\nproperly handle virtual CPUs without APICs in certain situations. A local\nattacker could possibly use this to cause a denial of service (host system\ncrash). (CVE-2022-2153)\n\nHao Sun and Jiacheng Xu discovered that the NILFS file system\nimplementation in the Linux kernel contained a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2022-2978)\n\nJohannes Wikner and Kaveh Razavi discovered that for some Intel x86-64\nprocessors, the Linux kernel's protections against speculative branch\ntarget injection attacks were insufficient in some circumstances. A local\nattacker could possibly use this to expose sensitive information.\n(CVE-2022-29901)\n\nAbhishek Shah discovered a race condition in the PF_KEYv2 implementation in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly expose sensitive information (kernel\nmemory). (CVE-2022-3028)\n\nIt was discovered that the Netlink device interface implementation in the\nLinux kernel did not properly handle certain error conditions, leading to a\nuse-after-free vulnerability with some network device drivers. A local\nattacker with admin access to the network device could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2022-3625)\n\nIt was discovered that the IDT 77252 ATM PCI device driver in the Linux\nkernel did not properly remove any pending timers during device exit,\nresulting in a use-after-free vulnerability. A local attacker could\npossibly use this to cause a denial of service (system crash) or execute\narbitrary code. (CVE-2022-3635)\n\nXingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX\nstorage controller driver in the Linux kernel did not properly handle\ncertain structures. A local attacker could potentially use this to expose\nsensitive information (kernel memory). (CVE-2022-40768)\n\nSönke Huster discovered that a use-after-free vulnerability existed in the\nWiFi driver stack in the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2022-42719)\n","modified":"2026-02-10T04:42:50Z","published":"2022-11-29T19:05:17Z","related":["UBUNTU-CVE-2022-20422","UBUNTU-CVE-2022-2153","UBUNTU-CVE-2022-2978","UBUNTU-CVE-2022-29901","UBUNTU-CVE-2022-3028","UBUNTU-CVE-2022-3625","UBUNTU-CVE-2022-3635","UBUNTU-CVE-2022-40768","UBUNTU-CVE-2022-41222","UBUNTU-CVE-2022-42703","UBUNTU-CVE-2022-42719"],"upstream":["CVE-2022-20422","CVE-2022-2153","CVE-2022-2978","CVE-2022-29901","CVE-2022-3028","CVE-2022-3625","CVE-2022-3635","CVE-2022-40768","CVE-2022-41222","CVE-2022-42703","CVE-2022-42719","UBUNTU-CVE-2022-20422","UBUNTU-CVE-2022-2153","UBUNTU-CVE-2022-2978","UBUNTU-CVE-2022-29901","UBUNTU-CVE-2022-3028","UBUNTU-CVE-2022-3625","UBUNTU-CVE-2022-3635","UBUNTU-CVE-2022-40768","UBUNTU-CVE-2022-41222","UBUNTU-CVE-2022-42703","UBUNTU-CVE-2022-42719"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5728-3"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-2153"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-2978"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3028"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3625"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3635"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-20422"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-29901"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-40768"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-41222"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-42703"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-42719"}],"affected":[{"package":{"name":"linux-gcp-5.4","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/linux-gcp-5.4@5.4.0-1093.102~18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.0-1093.102~18.04.1"}]}],"versions":["5.4.0-1019.19~18.04.2","5.4.0-1021.21~18.04.1","5.4.0-1022.22~18.04.1","5.4.0-1024.24~18.04.1","5.4.0-1025.25~18.04.1","5.4.0-1028.29~18.04.1","5.4.0-1029.31~18.04.1","5.4.0-1030.32~18.04.1","5.4.0-1032.34~18.04.1","5.4.0-1033.35~18.04.1","5.4.0-1034.37~18.04.1","5.4.0-1036.39~18.04.1","5.4.0-1037.40~18.04.1","5.4.0-1038.41~18.04.1","5.4.0-1040.43~18.04.1","5.4.0-1041.44~18.04.1","5.4.0-1042.45~18.04.1","5.4.0-1043.46~18.04.1","5.4.0-1044.47~18.04.2","5.4.0-1046.49~18.04.1","5.4.0-1049.53~18.04.1","5.4.0-1051.55~18.04.1","5.4.0-1052.56~18.04.1","5.4.0-1053.57~18.04.1","5.4.0-1055.59~18.04.1","5.4.0-1056.60~18.04.1","5.4.0-1057.61~18.04.1","5.4.0-1058.62~18.04.1","5.4.0-1059.63~18.04.1","5.4.0-1060.64~18.04.1","5.4.0-1062.66~18.04.1","5.4.0-1063.67~18.04.1","5.4.0-1064.68~18.04.1","5.4.0-1065.69~18.04.1","5.4.0-1067.71~18.04.1","5.4.0-1068.72~18.04.1","5.4.0-1069.73~18.04.1","5.4.0-1072.77~18.04.1","5.4.0-1073.78~18.04.1","5.4.0-1075.80~18.04.1","5.4.0-1078.84~18.04.1","5.4.0-1080.87~18.04.1","5.4.0-1083.91~18.04.1","5.4.0-1084.92~18.04.1","5.4.0-1086.94~18.04.1","5.4.0-1087.95~18.04.1","5.4.0-1089.97~18.04.1","5.4.0-1092.101~18.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.4.0-1093.102~18.04.1","binary_name":"linux-buildinfo-5.4.0-1093-gcp"},{"binary_version":"5.4.0-1093.102~18.04.1","binary_name":"linux-gcp-5.4-headers-5.4.0-1093"},{"binary_version":"5.4.0-1093.102~18.04.1","binary_name":"linux-gcp-5.4-tools-5.4.0-1093"},{"binary_version":"5.4.0-1093.102~18.04.1","binary_name":"linux-headers-5.4.0-1093-gcp"},{"binary_version":"5.4.0-1093.102~18.04.1","binary_name":"linux-image-unsigned-5.4.0-1093-gcp"},{"binary_version":"5.4.0-1093.102~18.04.1","binary_name":"linux-modules-5.4.0-1093-gcp"},{"binary_version":"5.4.0-1093.102~18.04.1","binary_name":"linux-modules-extra-5.4.0-1093-gcp"},{"binary_version":"5.4.0-1093.102~18.04.1","binary_name":"linux-tools-5.4.0-1093-gcp"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-2153"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-2978"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-3028"},{"severity":[{"score":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-3625"},{"severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"negligible","type":"Ubuntu"}],"id":"CVE-2022-3635"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-20422"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-29901"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-40768"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-41222"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-42703"},{"severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-42719"}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5728-3.json"}}],"schema_version":"1.7.3"}