LSN-0089-1: Kernel Live Patch Security Notice

24 August 2022

Several security issues were fixed in the kernel.

Releases

Software Description

  • aws - Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 4.15.0-1119, >= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000, >= 4.4.0-1098, >= 4.4.0-1129)
  • aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
  • aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems - (>= 5.4.0-1069)
  • aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems - (>= 4.15.0-1126)
  • azure - Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 5.15.0-1000, >= 4.15.0-1063, >= 4.15.0-1078, >= 4.15.0-1114)
  • azure-4.15 - Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1115)
  • azure-5.4 - Linux kernel for Microsoft Azure cloud systems - (>= 5.4.0-1069)
  • gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 4.15.0-1118)
  • gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 4.15.0-1121)
  • gcp-5.15 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
  • gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1069)
  • generic-4.15 - Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-143, >= 4.15.0-69)
  • generic-4.4 - Linux kernel - (>= 4.4.0-168, >= 4.4.0-211, >= 4.4.0-168)
  • generic-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • gke - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033, >= 5.15.0-1000)
  • gke-4.15 - Linux kernel for Google Container Engine (GKE) systems - (>= 4.15.0-1076)
  • gke-5.15 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.15.0-1000)
  • gke-5.4 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • gkeop-5.4 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
  • ibm - Linux kernel for IBM cloud systems - (>= 5.4.0-1009, >= 5.15.0-1000)
  • ibm-5.4 - Linux kernel for IBM cloud systems - (>= 5.4.0-1009)
  • linux - Linux kernel - (>= 5.15.0-24)
  • lowlatency - Linux low latency kernel - (>= 5.15.0-25)
  • lowlatency-4.15 - Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-143, >= 4.15.0-69)
  • lowlatency-4.4 - Linux kernel - (>= 4.4.0-168, >= 4.4.0-211, >= 4.4.0-168)
  • lowlatency-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • oem - Linux kernel for OEM systems - (>= 4.15.0-1063)

Details

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966)

Ziming Zhang discovered that the netfilter subsystem in the Linux kernel
did not properly validate sets with multiple ranged fields. A local
attacker could use this to cause a denial of service or execute arbitrary
code.(CVE-2022-1972)

It was discovered that the implementation of POSIX timers in the Linux
kernel did not properly clean up timers in some situations. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code.(CVE-2022-2585)

It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-2586)

Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-2588)

It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.(CVE-2022-21499)

Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code.(CVE-2022-29581)

Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel
did not properly perform data validation. A local attacker could use this
to escalate privileges in certain situations.(CVE-2022-34918)

Checking update status

The problem can be corrected in these Livepatch versions:

Kernel type 22.04 20.04 18.04 16.04 14.04
aws 89.1 89.1 89.1 89.1
aws-5.15 89.1
aws-5.4 89.1
aws-hwe 89.1
azure 89.1 89.2 89.1
azure-4.15 89.1
azure-5.4 89.2
gcp 89.1 89.1 89.1
gcp-4.15 89.1
gcp-5.15 89.1
gcp-5.4 89.1
generic-4.15 89.1 89.1
generic-4.4 89.1 89.1
generic-5.4 89.2 89.2
gke 89.1 89.2
gke-4.15 89.1
gke-5.15 89.1
gke-5.4 89.2
gkeop 89.2
gkeop-5.4 89.2
ibm 89.1 89.1
ibm-5.4 89.1
linux 89.1
lowlatency 88.1
lowlatency-4.15 89.1 89.1
lowlatency-4.4 89.2 89.2
lowlatency-5.4 89.1 89.1
oem 89.1

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status