{"id":"USN-5865-1","summary":"linux-azure-4.15 vulnerabilities","details":"It was discovered that an out-of-bounds write vulnerability existed in the\nVideo for Linux 2 (V4L2) implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2022-20369)\n\nPawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan\nand Ariel Sabba discovered that some Intel processors with Enhanced\nIndirect Branch Restricted Speculation (eIBRS) did not properly handle RET\ninstructions after a VM exits. A local attacker could potentially use this\nto expose sensitive information. (CVE-2022-26373)\n\nDavid Leadbeater discovered that the netfilter IRC protocol tracking\nimplementation in the Linux Kernel incorrectly handled certain message\npayloads in some situations. A remote attacker could possibly use this to\ncause a denial of service or bypass firewall filtering. (CVE-2022-2663)\n\nJohannes Wikner and Kaveh Razavi discovered that for some AMD x86-64\nprocessors, the branch predictor could by mis-trained for return\ninstructions in certain circumstances. A local attacker could possibly use\nthis to expose sensitive information. (CVE-2022-29900)\n\nJohannes Wikner and Kaveh Razavi discovered that for some Intel x86-64\nprocessors, the Linux kernel's protections against speculative branch\ntarget injection attacks were insufficient in some circumstances. A local\nattacker could possibly use this to expose sensitive information.\n(CVE-2022-29901)\n\nIt was discovered that the NILFS2 file system implementation in the Linux\nkernel did not properly deallocate memory in certain error conditions. An\nattacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2022-3646)\n\nKhalid Masum discovered that the NILFS2 file system implementation in the\nLinux kernel did not properly handle certain error conditions, leading to a\nuse-after-free vulnerability. A local attacker could use this to cause a\ndenial of service or possibly execute arbitrary code. (CVE-2022-3649)\n\nHyunwoo Kim discovered that an integer overflow vulnerability existed in\nthe PXA3xx graphics driver in the Linux kernel. A local attacker could\npossibly use this to cause a denial of service (system crash).\n(CVE-2022-39842)\n\nIt was discovered that a race condition existed in the SMSC UFX USB driver\nimplementation in the Linux kernel, leading to a use-after-free\nvulnerability. A physically proximate attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2022-41849)\n\nIt was discovered that a race condition existed in the Roccat HID driver in\nthe Linux kernel, leading to a use-after-free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2022-41850)\n\nIt was discovered that the USB monitoring (usbmon) component in the Linux\nkernel did not properly set permissions on memory mapped in to user space\nprocesses. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2022-43750)\n","modified":"2026-04-27T16:33:06.497140Z","published":"2023-02-10T14:08:25Z","related":["UBUNTU-CVE-2022-20369","UBUNTU-CVE-2022-26373","UBUNTU-CVE-2022-2663","UBUNTU-CVE-2022-29900","UBUNTU-CVE-2022-29901","UBUNTU-CVE-2022-3646","UBUNTU-CVE-2022-3649","UBUNTU-CVE-2022-39842","UBUNTU-CVE-2022-41849","UBUNTU-CVE-2022-41850","UBUNTU-CVE-2022-43750"],"upstream":["CVE-2022-20369","CVE-2022-26373","CVE-2022-2663","CVE-2022-29900","CVE-2022-29901","CVE-2022-3646","CVE-2022-3649","CVE-2022-39842","CVE-2022-41849","CVE-2022-41850","CVE-2022-43750","UBUNTU-CVE-2022-20369","UBUNTU-CVE-2022-26373","UBUNTU-CVE-2022-2663","UBUNTU-CVE-2022-29900","UBUNTU-CVE-2022-29901","UBUNTU-CVE-2022-3646","UBUNTU-CVE-2022-3649","UBUNTU-CVE-2022-39842","UBUNTU-CVE-2022-41849","UBUNTU-CVE-2022-41850","UBUNTU-CVE-2022-43750"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5865-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-2663"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3646"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3649"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-20369"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-26373"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-29900"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-29901"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-39842"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-41849"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-41850"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-43750"}],"affected":[{"package":{"name":"linux-azure-4.15","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/linux-azure-4.15@4.15.0-1161.176?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.15.0-1161.176"}]}],"versions":["4.15.0-1082.92","4.15.0-1083.93","4.15.0-1089.99","4.15.0-1091.101","4.15.0-1092.102","4.15.0-1093.103","4.15.0-1095.105","4.15.0-1096.106","4.15.0-1099.110","4.15.0-1100.111","4.15.0-1102.113","4.15.0-1103.114","4.15.0-1104.116","4.15.0-1106.118","4.15.0-1108.120","4.15.0-1109.121","4.15.0-1110.122","4.15.0-1111.123","4.15.0-1112.125","4.15.0-1113.126","4.15.0-1114.127","4.15.0-1115.128","4.15.0-1118.131","4.15.0-1121.134","4.15.0-1122.135","4.15.0-1123.136","4.15.0-1124.137","4.15.0-1125.138","4.15.0-1126.139","4.15.0-1127.140","4.15.0-1129.142","4.15.0-1130.143","4.15.0-1131.144","4.15.0-1133.146","4.15.0-1134.147","4.15.0-1136.149","4.15.0-1137.150","4.15.0-1138.151","4.15.0-1139.152","4.15.0-1142.156","4.15.0-1145.160","4.15.0-1146.161","4.15.0-1149.164","4.15.0-1150.165","4.15.0-1151.166","4.15.0-1153.168","4.15.0-1157.172","4.15.0-1158.173","4.15.0-1159.174"],"ecosystem_specific":{"binaries":[{"binary_version":"4.15.0-1161.176","binary_name":"linux-azure-4.15-cloud-tools-4.15.0-1161"},{"binary_version":"4.15.0-1161.176","binary_name":"linux-azure-4.15-headers-4.15.0-1161"},{"binary_version":"4.15.0-1161.176","binary_name":"linux-azure-4.15-tools-4.15.0-1161"},{"binary_version":"4.15.0-1161.176","binary_name":"linux-buildinfo-4.15.0-1161-azure"},{"binary_version":"4.15.0-1161.176","binary_name":"linux-cloud-tools-4.15.0-1161-azure"},{"binary_version":"4.15.0-1161.176","binary_name":"linux-headers-4.15.0-1161-azure"},{"binary_version":"4.15.0-1161.176","binary_name":"linux-image-unsigned-4.15.0-1161-azure"},{"binary_version":"4.15.0-1161.176","binary_name":"linux-modules-4.15.0-1161-azure"},{"binary_version":"4.15.0-1161.176","binary_name":"linux-modules-extra-4.15.0-1161-azure"},{"binary_version":"4.15.0-1161.176","binary_name":"linux-tools-4.15.0-1161-azure"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5865-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-2663"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-3646"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-3649"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-20369"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-26373"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-29900"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-29901"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2022-39842"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2022-41849"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2022-41850"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-43750"}],"ecosystem":"Ubuntu:18.04:LTS"}}}],"schema_version":"1.7.5"}