QID 198749

Date Published: 2022-04-25

QID 198749: Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5385-1)

The aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device.
The UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations.
The NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file.
The YAM AX.25 device driver in the Linux kernel did not properly deallocate memory in some error conditions.

A local attacker who can control an emulated device can use this to cause a denial of service (system crash) or possibly execute arbitrary code.
An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service (system crash).
A local attacker could use this to expose sensitive information (kernel memory).
A local privileged attacker could use this to cause a denial of service (kernel memory exhaustion).

  • CVSS V3 rated as High - 6.7 severity.
  • CVSS V2 rated as Medium - 4.6 severity.
  • Solution
    Refer to Ubuntu security advisory USN-5385-1 for updates and patch information.
    Vendor References

    CVEs related to QID 198749

    Software Advisories
    Advisory ID Software Component Link
    USN-5385-1 Ubuntu Linux ubuntu.com/security/notices/USN-5385-1