The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5773-1 advisory.

    It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC     messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service     (system crash) or possibly execute arbitrary code. (CVE-2022-43945)

    Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA     mappings in some situations, leading to potential data structure reuse. A local attacker could use this to     cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703)

    Roger Pau Monn discovered that the Xen virtual block driver in the Linux kernel did not properly     initialize memory pages to be used for shared communication with the backend. A local attacker could use     this to expose sensitive information (guest kernel memory). (CVE-2022-26365)

    Jan Beulich discovered that the Xen network device frontend driver in the Linux kernel incorrectly handled     socket buffers (skb) references when communicating with certain backends. A local attacker could use this     to cause a denial of service (guest crash). (CVE-2022-33743)

    It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local     attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524)

    It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to     a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system     crash) or possibly execute arbitrary code. (CVE-2022-3564)

    It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An     attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566)

    It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An     attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567)

    It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not     properly handle certain error conditions. A local attacker with physical access could plug in a specially     crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594)

    It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the     Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5773-1)

high Nessus Plugin ID 168630

Version 1.8

Version 1.7

Version 1.6

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.8 Aug 28, 2024, 7:43 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408281943
Version 1.7 Jan 10, 2024, 8:45 AM Plugin metadata Detection (updated detection logic) Plugin Feed: 202401100845
Version 1.6 Oct 21, 2023, 5:06 AM Plugin metadata Detection Plugin Feed: 202310210506
Version 1.6 Jan 9, 2024, 6:56 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202401091856
Version 1.5 Sep 15, 2023, 4:16 PM Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Plugin Feed: 202309151616
Version 1.4 Mar 22, 2023, 4:37 PM CVSS metrics ("CVSSv3 score" changed from "8.0" to "7.8". "CVSSv3 score" changed from "8.0" to "7.8". "CVSSv3 vector" changed from "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H". "CVSSv3 vector" changed from "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H". "CVSSv3 vector" changed from "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (changed from "CVE-2022-3564" to "CVE-2022-33743") Plugin Feed: 202303221637
Version 1.3 Jan 18, 2023, 9:01 AM Logic Changes (Added support for s390x) Plugin Feed: 202301180901
Version 1.2 Dec 12, 2022, 7:43 PM New Plugin Feed: 202212121943