ubuntu jammy v1.75

Metadata:

BOSH Agent Version: 2.489.0

What's Changed

• The new BOSH Agent reliably identifies the root filesystem disk, reducing the chance of Agent timeouts on deploy.

USNs:

Title: USN-5780-1: Linux kernel (OEM) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5780-1
Priorities: medium,high
Description:
It was discovered that a memory leak existed in the IPv6 implementation of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-3524)

It was discovered that the Bluetooth HCI implementation in the Linux kernel
did not properly deallocate memory in some situations. An attacker could
possibly use this cause a denial of service (memory exhaustion).
(CVE-2022-3619)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform bounds checking in some situations. A
physically proximate attacker could use this to craft a malicious USB
device that when inserted, could cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-3628)

Tamás Koczka discovered that the Bluetooth L2CAP implementation in the
Linux kernel did not properly initialize memory in some situations. A
physically proximate attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2022-42895)

Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)
CVEs:

• https://ubuntu.com/security/CVE-2022-3524
• https://ubuntu.com/security/CVE-2022-3619
• https://ubuntu.com/security/CVE-2022-3628
• https://ubuntu.com/security/CVE-2022-42895
• https://ubuntu.com/security/CVE-2022-42896
• https://ubuntu.com/security/CVE-2022-3524
• https://ubuntu.com/security/CVE-2022-3628
• https://ubuntu.com/security/CVE-2022-42895
• https://ubuntu.com/security/CVE-2022-3619
• https://ubuntu.com/security/CVE-2022-42896

Title: USN-5783-1: Linux kernel (OEM) vulnerability
URL: https://ubuntu.com/security/notices/USN-5783-1
Priorities: high
Description:
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.
CVEs:

• https://ubuntu.com/security/CVE-2022-42896

Title: USN-5779-1: Linux kernel (Azure) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5779-1
Priorities: high,medium,low
Description:
It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)

Jann Horn discovered that the Linux kernel did not properly track memory
allocations for anonymous VMA mappings in some situations, leading to
potential data structure reuse. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-42703)

It was discovered that a memory leak existed in the IPv6 implementation of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-3524)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-3564)

It was discovered that the ISDN implementation of the Linux kernel
contained a use-after-free vulnerability. A privileged user could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3565)

It was discovered that the TCP implementation in the Linux kernel contained
a data race condition. An attacker could possibly use this to cause
undesired behaviors. (CVE-2022-3566)

It was discovered that the IPv6 implementation in the Linux kernel
contained a data race condition. An attacker could possibly use this to
cause undesired behaviors. (CVE-2022-3567)

It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in
the Linux kernel did not properly handle certain error conditions. A local
attacker with physical access could plug in a specially crafted USB device
to cause a denial of service (memory exhaustion). (CVE-2022-3594)

It was discovered that a null pointer dereference existed in the NILFS2
file system implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3621)
CVEs:

• https://ubuntu.com/security/CVE-2022-43945
• https://ubuntu.com/security/CVE-2022-42703
• https://ubuntu.com/security/CVE-2022-3524
• https://ubuntu.com/security/CVE-2022-3564
• https://ubuntu.com/security/CVE-2022-3565
• https://ubuntu.com/security/CVE-2022-3566
• https://ubuntu.com/security/CVE-2022-3567
• https://ubuntu.com/security/CVE-2022-3594
• https://ubuntu.com/security/CVE-2022-3621
• https://ubuntu.com/security/CVE-2022-42703
• https://ubuntu.com/security/CVE-2022-3524
• https://ubuntu.com/security/CVE-2022-3594
• https://ubuntu.com/security/CVE-2022-3566
• https://ubuntu.com/security/CVE-2022-3621
• https://ubuntu.com/security/CVE-2022-43945
• https://ubuntu.com/security/CVE-2022-3564
• https://ubuntu.com/security/CVE-2022-3565
• https://ubuntu.com/security/CVE-2022-3567

Title: USN-5778-1: X.Org X Server vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5778-1
Priorities: medium
Description:
Jan-Niklas Sohn discovered that X.Org X Server extensions contained
multiple security issues. An attacker could possibly use these issues to
cause the X Server to crash, execute arbitrary code, or escalate
privileges.
CVEs:

• https://ubuntu.com/security/CVE-2022-46341
• https://ubuntu.com/security/CVE-2022-46342
• https://ubuntu.com/security/CVE-2022-46340
• https://ubuntu.com/security/CVE-2022-4283
• https://ubuntu.com/security/CVE-2022-46344
• https://ubuntu.com/security/CVE-2022-46343

Full Changelog: ubuntu-jammy/v1.71...ubuntu-jammy/v1.75