Ubuntu Security Notices
USN-5415-1

USN-5415-1: Linux kernel vulnerabilities

Publication date

12 May 2022

Overview

Several security issues were fixed in the Linux kernel.

Releases

20.04 LTS 18.04 LTS

Packages

linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
linux-azure - Linux kernel for Microsoft Azure Cloud systems
linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems
linux-azure-fde - Linux kernel for Microsoft Azure cloud systems
linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems
linux-gke - Linux kernel for Google Container Engine (GKE) systems
linux-gkeop - Linux kernel for Google Container Engine (GKE) systems
linux-gkeop-5.4 - Linux kernel for Google Container Engine (GKE) systems
linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
linux-ibm - Linux kernel for IBM cloud systems
linux-ibm-5.4 - Linux kernel for IBM cloud systems
linux-kvm - Linux kernel for cloud environments
linux-oracle - Linux kernel for Oracle Cloud systems
linux-oracle-5.4 - Linux kernel for Oracle Cloud systems
linux-raspi - Linux kernel for Raspberry Pi systems
linux-raspi-5.4 - Linux kernel for Raspberry Pi systems

Details

Jeremy Cline discovered a use-after-free in the nouveau graphics driver of
the Linux kernel during device removal. A privileged or physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2020-27820)

Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,
Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre
Variant 2 mitigations for AMD processors on Linux were insufficient in some
situations. A local attacker could possibly use this to expose sensitive
information. (CVE-2021-26401)

David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-1016)

It was discovered that the MMC/SD subsystem...

It was discovered that the MMC/SD subsystem in the Linux kernel did not
properly handle read errors from SD cards in certain situations. An
attacker could possibly use this to expose sensitive information (kernel
memory). (CVE-2022-20008)

It was discovered that the USB gadget subsystem in the Linux kernel did not
properly validate interface descriptor requests. An attacker could possibly
use this to cause a denial of service (system crash). (CVE-2022-25258)

It was discovered that the Remote NDIS (RNDIS) USB gadget implementation in
the Linux kernel did not properly validate the size of the RNDIS_MSG_SET
command. An attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2022-25375)

It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)

It was discovered that the Xilinx USB2 device gadget driver in the Linux
kernel did not properly validate endpoint indices from the host. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-27223)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release	Package Version
20.04 focal	linux-image-5.4.0-1063-kvm – 5.4.0-1063.66
	linux-image-5.4.0-1073-aws – 5.4.0-1073.78
	linux-image-5.4.0-1060-raspi – 5.4.0-1060.68
	linux-image-gkeop – 5.4.0.1040.43
	linux-image-virtual – 5.4.0.110.114
	linux-image-generic – 5.4.0.110.114
	linux-image-5.4.0-110-generic – 5.4.0-110.124
	linux-image-oem – 5.4.0.110.114
	linux-image-5.4.0-1071-gke – 5.4.0-1071.76
	linux-image-raspi – 5.4.0.1060.94
	linux-image-5.4.0-1021-ibm – 5.4.0-1021.23
	linux-image-ibm – 5.4.0.1021.21
	linux-image-oem-osp1 – 5.4.0.110.114
	linux-image-5.4.0-110-lowlatency – 5.4.0-110.124
	linux-image-5.4.0-1078-azure – 5.4.0-1078.81
	linux-image-5.4.0-110-generic-lpae – 5.4.0-110.124
	linux-image-azure-lts-20.04 – 5.4.0.1078.76
	linux-image-gkeop-5.4 – 5.4.0.1040.43
	linux-image-azure-fde – 5.4.0.1078.81+cvm1.22
	linux-image-5.4.0-1040-gkeop – 5.4.0-1040.41
	linux-image-5.4.0-1078-azure-fde – 5.4.0-1078.81+cvm1.1
	linux-image-lowlatency – 5.4.0.110.114
	linux-image-gcp-lts-20.04 – 5.4.0.1073.81
	linux-image-ibm-lts-20.04 – 5.4.0.1021.21
	linux-image-aws-lts-20.04 – 5.4.0.1073.75
	linux-image-raspi2 – 5.4.0.1060.94
	linux-image-gke – 5.4.0.1071.80
	linux-image-5.4.0-1073-gcp – 5.4.0-1073.78
	linux-image-oracle-lts-20.04 – 5.4.0.1071.71
	linux-image-gke-5.4 – 5.4.0.1071.80
	linux-image-kvm – 5.4.0.1063.62
	linux-image-generic-lpae – 5.4.0.110.114
	linux-image-5.4.0-1071-oracle – 5.4.0-1071.77
18.04 bionic	linux-image-generic-hwe-18.04 – 5.4.0.110.124~18.04.95
	linux-image-snapdragon-hwe-18.04 – 5.4.0.110.124~18.04.95
	linux-image-5.4.0-110-generic – 5.4.0-110.124~18.04.1
	linux-image-oem – 5.4.0.110.124~18.04.95
	linux-image-raspi-hwe-18.04 – 5.4.0.1060.61
	linux-image-5.4.0-1021-ibm – 5.4.0-1021.23~18.04.1
	linux-image-ibm – 5.4.0.1021.38
	linux-image-oem-osp1 – 5.4.0.110.124~18.04.95
	linux-image-5.4.0-110-lowlatency – 5.4.0-110.124~18.04.1
	linux-image-generic-lpae-hwe-18.04 – 5.4.0.110.124~18.04.95
	linux-image-lowlatency-hwe-18.04 – 5.4.0.110.124~18.04.95
	linux-image-5.4.0-110-generic-lpae – 5.4.0-110.124~18.04.1
	linux-image-gkeop-5.4 – 5.4.0.1040.41~18.04.40
	linux-image-5.4.0-1040-gkeop – 5.4.0-1040.41~18.04.1
	linux-image-azure – 5.4.0.1078.57
	linux-image-virtual-hwe-18.04 – 5.4.0.110.124~18.04.95
	linux-image-5.4.0-1060-raspi – 5.4.0-1060.68~18.04.1
	linux-image-gcp – 5.4.0.1073.57
	linux-image-oracle – 5.4.0.1071.77~18.04.50
	linux-image-5.4.0-1078-azure – 5.4.0-1078.81~18.04.1
	linux-image-5.4.0-1073-gcp – 5.4.0-1073.78~18.04.1
	linux-image-5.4.0-1071-oracle – 5.4.0-1071.77~18.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›