USN-5358-2

Details

It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1055)

It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-27666)

Affected Packages(15 packages)

linux-aws-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1071.76~18.04.1

linux-azure-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1074.77~18.04.1

linux-gcp-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1069.73~18.04.1

linux-gke-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1067.70~18.04.1

linux-gkeop-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1038.39~18.04.1

linux-ibm-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1019.21~18.04.1

linux-raspi-5.4

Ubuntu 18.04 LTS

Fixed in:

5.4.0-1058.65~18.04.1

linux-aws-5.13

Ubuntu 20.04 LTS

Fixed in:

5.13.0-1021.23~20.04.2

linux-azure-fde

Ubuntu 20.04 LTS

Fixed in:

5.4.0-1074.77+cvm1.1

linux-gcp

Ubuntu 20.04 LTS

Fixed in:

5.4.0-1069.73

References

REPORThttps://ubuntu.com/security/CVE-2022-1055 REPORThttps://ubuntu.com/security/CVE-2022-27666 ADVISORYhttps://ubuntu.com/security/notices/USN-5358-2

USN-5358-2

Details

Affected Packages(15 packages)

References

Upstream

Ecosystems

Timeline