Date Published: 2022-04-25
QID 198749: Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5385-1)
The aquantia aqtion ethernet devicedriver in the linux kernel did not properly validate meta-data coming fromthe device.
The udf file system implementation in the linuxkernel could attempt to dereference a null pointer in some situations.
The nfs implementation in the linux kernel did notproperly handle requests to open a directory on a regular file.
The yam ax.
A local attacker who can control an emulated device can usethis to cause a denial of service (system crash) or possibly executearbitrary code.
Anattacker could use this to construct a malicious udf image that, whenmounted and operated on, could cause a denial of service (system crash).
A localattacker could use this to expose sensitive information (kernel memory).
25 device driver in the linux kernel didnot properly deallocate memory in some error conditions.
A local privilegedattacker could use this to cause a denial of service (kernel memoryexhaustion).
- USN-5385-1 - ubuntu.com/security/notices/USN-5385-1