{"id":"USN-5861-1","summary":"linux-dell300x vulnerabilities","details":"It was discovered that the NFSD implementation in the Linux kernel did not\nproperly handle some RPC messages, leading to a buffer overflow. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2022-43945)\n\nTamás Koczka discovered that the Bluetooth L2CAP handshake implementation\nin the Linux kernel contained multiple use-after-free vulnerabilities. A\nphysically proximate attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2022-42896)\n\nIt was discovered that an out-of-bounds write vulnerability existed in the\nVideo for Linux 2 (V4L2) implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2022-20369)\n\nPawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan\nand Ariel Sabba discovered that some Intel processors with Enhanced\nIndirect Branch Restricted Speculation (eIBRS) did not properly handle RET\ninstructions after a VM exits. A local attacker could potentially use this\nto expose sensitive information. (CVE-2022-26373)\n\nDavid Leadbeater discovered that the netfilter IRC protocol tracking\nimplementation in the Linux Kernel incorrectly handled certain message\npayloads in some situations. A remote attacker could possibly use this to\ncause a denial of service or bypass firewall filtering. (CVE-2022-2663)\n\nJohannes Wikner and Kaveh Razavi discovered that for some AMD x86-64\nprocessors, the branch predictor could by mis-trained for return\ninstructions in certain circumstances. A local attacker could possibly use\nthis to expose sensitive information. (CVE-2022-29900)\n\nJohannes Wikner and Kaveh Razavi discovered that for some Intel x86-64\nprocessors, the Linux kernel's protections against speculative branch\ntarget injection attacks were insufficient in some circumstances. A local\nattacker could possibly use this to expose sensitive information.\n(CVE-2022-29901)\n\nIt was discovered that the Xen netback driver in the Linux kernel did not\nproperly handle packets structured in certain ways. An attacker in a guest\nVM could possibly use this to cause a denial of service (host NIC\navailability). (CVE-2022-3643)\n\nIt was discovered that the NILFS2 file system implementation in the Linux\nkernel did not properly deallocate memory in certain error conditions. An\nattacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2022-3646)\n\nKhalid Masum discovered that the NILFS2 file system implementation in the\nLinux kernel did not properly handle certain error conditions, leading to a\nuse-after-free vulnerability. A local attacker could use this to cause a\ndenial of service or possibly execute arbitrary code. (CVE-2022-3649)\n\nHyunwoo Kim discovered that an integer overflow vulnerability existed in\nthe PXA3xx graphics driver in the Linux kernel. A local attacker could\npossibly use this to cause a denial of service (system crash).\n(CVE-2022-39842)\n\nIt was discovered that a race condition existed in the SMSC UFX USB driver\nimplementation in the Linux kernel, leading to a use-after-free\nvulnerability. A physically proximate attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2022-41849)\n\nIt was discovered that a race condition existed in the Roccat HID driver in\nthe Linux kernel, leading to a use-after-free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2022-41850)\n\nIt was discovered that the USB monitoring (usbmon) component in the Linux\nkernel did not properly set permissions on memory mapped in to user space\nprocesses. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2022-43750)\n\nIt was discovered that an integer overflow vulnerability existed in the\nBluetooth subsystem in the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2022-45934)\n\n","modified":"2026-02-10T04:42:57Z","published":"2023-02-09T22:42:11Z","related":["UBUNTU-CVE-2022-20369","UBUNTU-CVE-2022-26373","UBUNTU-CVE-2022-2663","UBUNTU-CVE-2022-29900","UBUNTU-CVE-2022-29901","UBUNTU-CVE-2022-3643","UBUNTU-CVE-2022-3646","UBUNTU-CVE-2022-3649","UBUNTU-CVE-2022-39842","UBUNTU-CVE-2022-41849","UBUNTU-CVE-2022-41850","UBUNTU-CVE-2022-42896","UBUNTU-CVE-2022-43750","UBUNTU-CVE-2022-43945","UBUNTU-CVE-2022-45934"],"upstream":["CVE-2022-20369","CVE-2022-26373","CVE-2022-2663","CVE-2022-29900","CVE-2022-29901","CVE-2022-3643","CVE-2022-3646","CVE-2022-3649","CVE-2022-39842","CVE-2022-41849","CVE-2022-41850","CVE-2022-42896","CVE-2022-43750","CVE-2022-43945","CVE-2022-45934","UBUNTU-CVE-2022-20369","UBUNTU-CVE-2022-26373","UBUNTU-CVE-2022-2663","UBUNTU-CVE-2022-29900","UBUNTU-CVE-2022-29901","UBUNTU-CVE-2022-3643","UBUNTU-CVE-2022-3646","UBUNTU-CVE-2022-3649","UBUNTU-CVE-2022-39842","UBUNTU-CVE-2022-41849","UBUNTU-CVE-2022-41850","UBUNTU-CVE-2022-42896","UBUNTU-CVE-2022-43750","UBUNTU-CVE-2022-43945","UBUNTU-CVE-2022-45934"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5861-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-2663"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3643"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3646"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3649"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-20369"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-26373"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-29900"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-29901"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-39842"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-41849"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-41850"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-42896"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-43750"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-43945"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-45934"}],"affected":[{"package":{"name":"linux-dell300x","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/linux-dell300x@4.15.0-1060.65?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.15.0-1060.65"}]}],"versions":["4.15.0-1005.8","4.15.0-1006.10","4.15.0-1007.11","4.15.0-1009.13","4.15.0-1010.14","4.15.0-1011.15","4.15.0-1012.16","4.15.0-1013.17","4.15.0-1015.19","4.15.0-1016.20","4.15.0-1017.21","4.15.0-1018.22","4.15.0-1022.26","4.15.0-1027.32","4.15.0-1028.33","4.15.0-1029.34","4.15.0-1030.35","4.15.0-1031.36","4.15.0-1033.38","4.15.0-1034.39","4.15.0-1035.40","4.15.0-1037.42","4.15.0-1038.43","4.15.0-1040.45","4.15.0-1041.46","4.15.0-1042.47","4.15.0-1047.52","4.15.0-1048.53","4.15.0-1049.54","4.15.0-1051.56","4.15.0-1052.57","4.15.0-1053.58","4.15.0-1054.59","4.15.0-1055.60","4.15.0-1057.62","4.15.0-1058.63"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-buildinfo-4.15.0-1060-dell300x","binary_version":"4.15.0-1060.65"},{"binary_name":"linux-dell300x-headers-4.15.0-1060","binary_version":"4.15.0-1060.65"},{"binary_name":"linux-dell300x-tools-4.15.0-1060","binary_version":"4.15.0-1060.65"},{"binary_name":"linux-headers-4.15.0-1060-dell300x","binary_version":"4.15.0-1060.65"},{"binary_name":"linux-image-unsigned-4.15.0-1060-dell300x","binary_version":"4.15.0-1060.65"},{"binary_name":"linux-modules-4.15.0-1060-dell300x","binary_version":"4.15.0-1060.65"},{"binary_name":"linux-tools-4.15.0-1060-dell300x","binary_version":"4.15.0-1060.65"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-2663"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-3643"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-3646"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-3649"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-20369"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-26373"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-29900"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-29901"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2022-39842"},{"severity":[{"score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2022-41849"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2022-41850"},{"severity":[{"score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-42896"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-43750"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-43945"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-45934"}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5861-1.json"}}],"schema_version":"1.7.3"}