ID

VAR-202201-0496

CVE

CVE-2021-4197

TITLE

Linux Kernel  Authentication vulnerability in

DESCRIPTION

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. Linux Kernel There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can use this vulnerability to bypass the restrictions of the Linux kernel through Cgroup Fd Writing to elevate their privileges. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64 3. Security Fix(es): * kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012) * kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729) * kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-32250) * kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197) * kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) * kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Failed to reboot after crash trigger (BZ#2060747) * conntrack entries linger around after test (BZ#2066357) * Enable nested virtualization (BZ#2079070) * slub corruption during LPM of hnv interface (BZ#2081251) * sleeping function called from invalid context at kernel/locking/spinlock_rt.c:35 (BZ#2082091) * Backport request of "genirq: use rcu in kstat_irqs_usr()" (BZ#2083309) * ethtool -L may cause system to hang (BZ#2083323) * For isolated CPUs (with nohz_full enabled for isolated CPUs) CPU utilization statistics are not getting reflected continuously (BZ#2084139) * Affinity broken due to vector space exhaustion (BZ#2084647) * kernel memory leak while freeing nested actions (BZ#2086597) * sync rhel-8.6 with upstream 5.13 through 5.16 fixes and improvements (BZ#2088037) * Kernel panic possibly when cleaning namespace on pod deletion (BZ#2089539) * Softirq hrtimers are being placed on the per-CPU softirq clocks on isolcpu’s. (BZ#2090485) * fix missed wake-ups in rq_qos_throttle try two (BZ#2092076) * NFS4 client experiencing IO outages while sending duplicate SYNs and erroneous RSTs during connection reestablishment (BZ#2094334) * using __this_cpu_read() in preemptible [00000000] code: kworker/u66:1/937154 (BZ#2095775) * Need some changes in RHEL8.x kernels. (BZ#2096932) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1903244 - CVE-2020-29368 kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check 2035652 - CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration perm checks 2036934 - CVE-2021-4203 kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses 2064604 - CVE-2022-1012 kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak 2086753 - CVE-2022-1729 kernel: race condition in perf_event_open leads to privilege escalation 2092427 - CVE-2022-32250 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v.8.4): Source: kernel-4.18.0-305.57.1.el8_4.src.rpm aarch64: bpftool-4.18.0-305.57.1.el8_4.aarch64.rpm bpftool-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-core-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-cross-headers-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-core-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-devel-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-modules-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-modules-extra-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-devel-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-headers-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-modules-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-modules-extra-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-tools-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-tools-libs-4.18.0-305.57.1.el8_4.aarch64.rpm perf-4.18.0-305.57.1.el8_4.aarch64.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm python3-perf-4.18.0-305.57.1.el8_4.aarch64.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm noarch: kernel-abi-stablelists-4.18.0-305.57.1.el8_4.noarch.rpm kernel-doc-4.18.0-305.57.1.el8_4.noarch.rpm ppc64le: bpftool-4.18.0-305.57.1.el8_4.ppc64le.rpm bpftool-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-core-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-cross-headers-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-core-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-devel-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-modules-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-modules-extra-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-devel-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-headers-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-modules-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-modules-extra-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-tools-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-tools-libs-4.18.0-305.57.1.el8_4.ppc64le.rpm perf-4.18.0-305.57.1.el8_4.ppc64le.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm python3-perf-4.18.0-305.57.1.el8_4.ppc64le.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm s390x: bpftool-4.18.0-305.57.1.el8_4.s390x.rpm bpftool-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm kernel-4.18.0-305.57.1.el8_4.s390x.rpm kernel-core-4.18.0-305.57.1.el8_4.s390x.rpm kernel-cross-headers-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debug-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debug-core-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debug-devel-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debug-modules-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debug-modules-extra-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-305.57.1.el8_4.s390x.rpm kernel-devel-4.18.0-305.57.1.el8_4.s390x.rpm kernel-headers-4.18.0-305.57.1.el8_4.s390x.rpm kernel-modules-4.18.0-305.57.1.el8_4.s390x.rpm kernel-modules-extra-4.18.0-305.57.1.el8_4.s390x.rpm kernel-tools-4.18.0-305.57.1.el8_4.s390x.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm kernel-zfcpdump-4.18.0-305.57.1.el8_4.s390x.rpm kernel-zfcpdump-core-4.18.0-305.57.1.el8_4.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm kernel-zfcpdump-devel-4.18.0-305.57.1.el8_4.s390x.rpm kernel-zfcpdump-modules-4.18.0-305.57.1.el8_4.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-305.57.1.el8_4.s390x.rpm perf-4.18.0-305.57.1.el8_4.s390x.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm python3-perf-4.18.0-305.57.1.el8_4.s390x.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm x86_64: bpftool-4.18.0-305.57.1.el8_4.x86_64.rpm bpftool-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-core-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-cross-headers-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-core-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-devel-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-modules-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-modules-extra-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-devel-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-headers-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-modules-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-modules-extra-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-tools-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-tools-libs-4.18.0-305.57.1.el8_4.x86_64.rpm perf-4.18.0-305.57.1.el8_4.x86_64.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm python3-perf-4.18.0-305.57.1.el8_4.x86_64.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.4): aarch64: bpftool-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-tools-libs-devel-4.18.0-305.57.1.el8_4.aarch64.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-tools-libs-devel-4.18.0-305.57.1.el8_4.ppc64le.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-tools-libs-devel-4.18.0-305.57.1.el8_4.x86_64.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYuFkSdzjgjWX9erEAQhDCxAAknsy8K3eg1J603gMndUGWfI/Fs5VzIaH lxGavTw8H57lXRWbQYqJoRKk42uHAH2iCicovyvowJ5SdfnChtAVbG1A1wjJLmJJ 0YDKoeMn3s1jjThivm5rWGQVdImqLw+CxVvb3Pywv6ZswTI5r4ZB4FEXW8GIR1w2 1FeHTcwUgNLzeBLdVem1T50lWERG0j0ZGUmv9mu4QMDeWXoSoPcHKWnsmLgDvQif dVky3UsFoCJ783WJOIctmY97kOffqIDvZdbPwajAyTByspumtcwt6N7wMU6VfI+u B6bRGQgLbElY6IniLUsV7MG8GbbffZvPFNN/n6LdnnFgEt1eDlo6LkZCyPaMbEfx 2dMxJtcAiXmydMs5QXvNJ3y2UR2fp/iHF8euAnSN3eKTLAxDQwo3c4KvNUKAfFcF OAjbyLTilLhiPHRARG4aEWCEUSmfzO3rulNhRcIEWtNIira3/QMFG9qUjNAMvzU1 M4tMSPkH35gx49p2a6arZceUGDXiRwvrP142GzpAgRWt/GrydjAsRiG4pJM2H5TW nB5q7OuwEvch8+o8gJril5uOpm6eI1lylv9wTXbwjpzQqL5k2JcgByRWx8wLqYXy wXsBm+JZL9ztSadqoVsFWSqC0yeRkuF185F4gI7+7azjpeQhHtJEix3bgqRhIzK4 07JERnC1IRg= =y1sh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5127-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 02, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2021-4197 CVE-2022-0168 CVE-2022-1016 CVE-2022-1048 CVE-2022-1158 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1516 CVE-2022-26490 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-29582 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. The security impact is negligible as CAP_SYS_ADMIN inherently gives the ability to deny service. CVE-2022-1016 David Bouman discovered a flaw in the netfilter subsystem where the nft_do_chain function did not initialize register data that nf_tables expressions can read from and write to. CVE-2022-1158 Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered a bug in the KVM implementation for x86 processors. A local user with access to /dev/kvm could cause the MMU emulator to update page table entry flags at the wrong address. CVE-2022-1195 Lin Ma discovered race conditions in the 6pack and mkiss hamradio drivers, which could lead to a use-after-free. CVE-2022-1198 Duoming Zhou discovered a race condition in the 6pack hamradio driver, which could lead to a use-after-free. CVE-2022-1199, CVE-2022-1204, CVE-2022-1205 Duoming Zhou discovered race conditions in the AX.25 hamradio protocol, which could lead to a use-after-free or null pointer dereference. CVE-2022-1353 The TCS Robot tool found an information leak in the PF_KEY subsystem. CVE-2022-1516 A NULL pointer dereference flaw in the implementation of the X.25 set of standardized network protocols, which can result in denial of service. This driver is not enabled in Debian's official kernel configurations. This driver is not enabled in Debian's official kernel configurations. CVE-2022-28388 A double free vulnerability was discovered in the 8 devices USB2CAN interface driver. CVE-2022-28389 A double free vulnerability was discovered in the Microchip CAN BUS Analyzer interface driver. CVE-2022-28390 A double free vulnerability was discovered in the EMS CPC-USB/ARM7 CAN/USB interface driver. For the stable distribution (bullseye), these problems have been fixed in version 5.10.113-1. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmJwRg9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S8bw//bsMGzd7yC5QHR9/G3Vxn10HSYSy9vkPdOrg9nt58xCygMTvj9G4Ur7P5 SqPulxdczzDQgAEl/UVzmCifFMAbfi77w+0feha6zbrjz4yD8vtmk1caVmvbqOxE MsS7GKyFdRxvqWoCG1boIZZ5aKFCgXug4cY1nARJo4tadF3W3lZw9LP9+kdDJ0Z8 4zfzd1fa0tn6Bk9lqVvaks3zVxLA2Iev0yaLGpWPbsrqiSEnB/e1tWAQX7CVRUNT kY48YpAsGraOyjTMkmLyeXNYHwdNYfKR27DK/4CpXeVzqADlMqKtFOp0lvQhF54t KcBvJjvQsJ5ua7qjoJS97SLlMp7aZ3DvBnz28hn3vDp5iqFDTdLSmuPqJGy5JAOD JdijjSFCB2tTjDLBha+1mGAB2kJG8Kj0rcEiQTyFARejOoCIQg9R3EWfp5HI8DCn e4fGZdRATm6Qe9ofBlVmKmVpV36NaiZuy3UA8lhKTlJsjIhwnFB/WknG93/G64HK wMSkbbXDPoYgH06emh0RIXzddfHHO+mZBgUysHBX5pE0KdDazPleFGn5yOdlX8k5 5OT35Cga+hRVT9KNQfz4Me0AEt0kEwyMIUM6R49KvB8eQ9Az1OjO0yWONz4F5mDW 0HoSJCW+9gZzljIebL+odSyT/dvUZpP/xVzE8DRukDyn99GY6y4= =vCuc -----END PGP SIGNATURE----- . Summary: The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es): * nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2057579 - [MTC UI] Cancel button on ?Migrations? page does not disappear when migration gets Failed/Succeeded with warnings 2072311 - HPAs of DeploymentConfigs are not being updated when migration from Openshift 3.x to Openshift 4.x 2074044 - [MTC] Rsync pods are not running as privileged 2074553 - Upstream Hook Runner image requires arguments be in a different order 5. ========================================================================== Ubuntu Security Notice USN-5368-1 April 06, 2022 linux-azure-5.13, linux-oracle-5.13 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure-5.13: Linux kernel for Microsoft Azure cloud systems - linux-oracle-5.13: Linux kernel for Oracle Cloud systems Details: It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1055) Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. (CVE-2022-0492) J\xfcrgen Gro\xdf discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713) J\xfcrgen Gro\xdf discovered that the Xen network backend driver in the Linux kernel did not adequately limit the amount of queued packets when a guest did not process them. An attacker in a guest VM can use this to cause a denial of service (excessive kernel memory consumption) in the network backend domain. (CVE-2021-28714, CVE-2021-28715) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39698) It was discovered that the simulated networking device driver for the Linux kernel did not properly initialize memory in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-4135) Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. (CVE-2021-4197) Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can control an emulated device can use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43975) It was discovered that the ARM Trusted Execution Environment (TEE) subsystem in the Linux kernel contained a race condition leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-44733) It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45095) It was discovered that the eBPF verifier in the Linux kernel did not properly perform bounds checking on mov32 operations. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2021-45402) It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45480) It was discovered that the BPF subsystem in the Linux kernel did not properly track pointer types on atomic fetch operations in some situations. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2022-0264) It was discovered that the TIPC Protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0382) Samuel Page discovered that the Transparent Inter-Process Communication (TIPC) protocol implementation in the Linux kernel contained a stack-based buffer overflow. A remote attacker could use this to cause a denial of service (system crash) for systems that have a TIPC bearer configured. (CVE-2022-0435) It was discovered that the KVM implementation for s390 systems in the Linux kernel did not properly prevent memory operations on PVM guests that were in non-protected mode. A local attacker could use this to obtain unauthorized memory write access. (CVE-2022-0516) It was discovered that the ICMPv6 implementation in the Linux kernel did not properly deallocate memory in certain situations. A remote attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2022-0742) It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-27666) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: linux-image-5.13.0-1021-azure 5.13.0-1021.24~20.04.1 linux-image-5.13.0-1025-oracle 5.13.0-1025.30~20.04.1 linux-image-azure 5.13.0.1021.24~20.04.10 linux-image-oracle 5.13.0.1025.30~20.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5368-1 CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-39698, CVE-2021-4135, CVE-2021-4197, CVE-2021-43975, CVE-2021-44733, CVE-2021-45095, CVE-2021-45402, CVE-2021-45480, CVE-2022-0264, CVE-2022-0382, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0742, CVE-2022-1055, CVE-2022-23222, CVE-2022-27666 Package Information: https://launchpad.net/ubuntu/+source/linux-azure-5.13/5.13.0-1021.24~20.04.1 https://launchpad.net/ubuntu/+source/linux-oracle-5.13/5.13.0-1025.30~20.04.1

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

arbitrary

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Ubuntu

SOURCES

LAST UPDATE DATE

2026-02-07T22:48:13.359000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE