QID 198746

Date Published: 2022-04-21

QID 198746: Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5384-1)

The udf file system implementation in the linuxkernel could attempt to dereference a null pointer in some situations.
The nfs implementation in the linux kernel did notproperly handle requests to open a directory on a regular file.
The yam ax.

Anattacker could use this to construct a malicious udf image that, whenmounted and operated on, could cause a denial of service (system crash).
A localattacker could use this to expose sensitive information (kernel memory).
25 device driver in the linux kernel didnot properly deallocate memory in some error conditions.
A local privilegedattacker could use this to cause a denial of service (kernel memoryexhaustion).

  • CVSS V3 rated as Medium - 5.5 severity.
  • CVSS V2 rated as Low - 1.9 severity.
  • Solution
    Refer to Ubuntu security advisory USN-5384-1 for updates and patch information.
    Vendor References

    CVEs related to QID 198746

    Software Advisories
    Advisory ID Software Component Link
    USN-5384-1 Ubuntu Linux URL Logo ubuntu.com/security/notices/USN-5384-1