Linux Kernel Multiple Vulnerabilities

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Information Disclosure

System / Technologies affected

• Debian Linux prior to 4.9.320-2 
• Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
• Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
• Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
• Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
• Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le
• Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
• Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
• Red Hat CodeReady Linux Builder for x86_64 9 x86_64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
• Red Hat Enterprise Linux for ARM 64 9 aarch64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
• Red Hat Enterprise Linux for IBM z Systems 9 s390x
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
• Red Hat Enterprise Linux for Power, little endian 9 ppc64le
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
• Red Hat Enterprise Linux for x86_64 9 x86_64
• Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
• Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
• Ubuntu 20.04 
  • Ubuntu linux-image-oem-20.04c prior to 5.14.0.1044.40 
  • Ubuntu linux-image-oem-20.04b prior to 5.14.0.1044.40 
  • Ubuntu linux-image-oem-20.04d prior to 5.14.0.1044.40 
  • Ubuntu linux-image-oem-20.04 prior to 5.14.0.1044.40 
  • Ubuntu linux-image-5.14.0-1044-oem prior to 5.14.0-1044.49 

Solutions

Before installation of the software, please visit the vendor web-site for more details.

For Debian

• Apply fixes issued by the vendor:
  • https://www.debian.org/lts/security/2022/dla-3065

For Red Hat

• Apply fixes issued by the vendor:
  • https://access.redhat.com/errata/RHSA-2022:5249

For Ubuntu

• Apply fixes issued by the vendor:
  • https://ubuntu.com/security/notices/USN-5485-2

Vulnerability Identifier

• CVE-2018-1108
• CVE-2021-4149
• CVE-2021-39713
• CVE-2022-0494
• CVE-2022-0812
• CVE-2022-0854
• CVE-2022-1011
• CVE-2022-1012
• CVE-2022-1016
• CVE-2022-1198
• CVE-2022-1199
• CVE-2022-1353
• CVE-2022-1516
• CVE-2022-1729
• CVE-2022-1734
• CVE-2022-1966
• CVE-2022-1974
• CVE-2022-1975
• CVE-2022-2153
• CVE-2022-21123
• CVE-2022-21125
• CVE-2022-21166
• CVE-2022-23036
• CVE-2022-23037
• CVE-2022-23038
• CVE-2022-23039
• CVE-2022-23040
• CVE-2022-23041
• CVE-2022-23042
• CVE-2022-23960
• CVE-2022-24958
• CVE-2022-26490
• CVE-2022-26966
• CVE-2022-27223
• CVE-2022-27666
• CVE-2022-28356
• CVE-2022-28390
• CVE-2022-30594
• CVE-2022-32250
• CVE-2022-32296
• CVE-2022-33981

Source

• AusCERT
• Debian
• Red Hat
• Ubuntu

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.3235
• https://www.auscert.org.au/bulletins/ESB-2022.3214
• https://www.auscert.org.au/bulletins/ESB-2022.3238
• https://www.debian.org/lts/security/2022/dla-3065
• https://access.redhat.com/errata/RHSA-2022:5249
• https://ubuntu.com/security/notices/USN-5485-2