{"id":"USN-5831-1","summary":"linux-azure-fde vulnerabilities","details":"Kyle Zeng discovered that the sysctl implementation in the Linux kernel\ncontained a stack-based buffer overflow. A local attacker could use this to\ncause a denial of service (system crash) or execute arbitrary code.\n(CVE-2022-4378)\n\nTamás Koczka discovered that the Bluetooth L2CAP handshake implementation\nin the Linux kernel contained multiple use-after-free vulnerabilities. A\nphysically proximate attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2022-42896)\n\nIt was discovered that the Xen netback driver in the Linux kernel did not\nproperly handle packets structured in certain ways. An attacker in a guest\nVM could possibly use this to cause a denial of service (host NIC\navailability). (CVE-2022-3643)\n\nIt was discovered that an integer overflow vulnerability existed in the\nBluetooth subsystem in the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2022-45934)\n","modified":"2026-04-27T16:47:21.941488127Z","published":"2023-01-27T19:01:20Z","related":["UBUNTU-CVE-2022-3643","UBUNTU-CVE-2022-42896","UBUNTU-CVE-2022-4378","UBUNTU-CVE-2022-45934"],"upstream":["CVE-2022-3643","CVE-2022-42896","CVE-2022-4378","CVE-2022-45934","UBUNTU-CVE-2022-3643","UBUNTU-CVE-2022-42896","UBUNTU-CVE-2022-4378","UBUNTU-CVE-2022-45934"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5831-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3643"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-4378"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-42896"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-45934"}],"affected":[{"package":{"name":"linux-azure-fde","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/linux-azure-fde@5.15.0-1031.38.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.0-1031.38.1"}]}],"versions":["5.15.0-1019.24.1","5.15.0-1024.30.1","5.15.0-1029.36.1","5.15.0-1030.37.1"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-image-unsigned-5.15.0-1031-azure-fde","binary_version":"5.15.0-1031.38.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5831-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-3643"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2022-4378"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2022-42896"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-45934"}],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.5"}