{"id":"USN-5302-1","summary":"linux-oem-5.14 vulnerabilities","details":"Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the\nLinux kernel did not properly restrict access to the cgroups v1\nrelease_agent feature. A local attacker could use this to gain\nadministrative privileges. (CVE-2022-0492)\n\nBrendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver\nin the Linux kernel did not properly handle some error conditions. A\nphysically proximate attacker could use this to cause a denial of service\n(system crash). (CVE-2021-43976)\n\nWenqing Liu discovered that the f2fs file system implementation in the\nLinux kernel did not properly validate inode types while performing garbage\ncollection. An attacker could use this to construct a malicious f2fs image\nthat, when mounted and operated on, could cause a denial of service (system\ncrash). (CVE-2021-44879)\n\nSamuel Page discovered that the Transparent Inter-Process Communication\n(TIPC) protocol implementation in the Linux kernel contained a stack-based\nbuffer overflow. A remote attacker could use this to cause a denial of\nservice (system crash) for systems that have a TIPC bearer configured.\n(CVE-2022-0435)\n\nLyu Tao discovered that the NFS implementation in the Linux kernel did not\nproperly handle requests to open a directory on a regular file. A local\nattacker could use this to expose sensitive information (kernel memory).\n(CVE-2022-24448)\n\nIt was discovered that the YAM AX.25 device driver in the Linux kernel did\nnot properly deallocate memory in some error conditions. A local privileged\nattacker could use this to cause a denial of service (kernel memory\nexhaustion). (CVE-2022-24959)\n","modified":"2026-02-10T04:42:30Z","published":"2022-02-22T22:45:56Z","related":["UBUNTU-CVE-2021-43976","UBUNTU-CVE-2021-44879","UBUNTU-CVE-2022-0435","UBUNTU-CVE-2022-0492","UBUNTU-CVE-2022-24448","UBUNTU-CVE-2022-24959"],"upstream":["CVE-2021-43976","CVE-2021-44879","CVE-2022-0435","CVE-2022-0492","CVE-2022-24448","CVE-2022-24959","UBUNTU-CVE-2021-43976","UBUNTU-CVE-2021-44879","UBUNTU-CVE-2022-0435","UBUNTU-CVE-2022-0492","UBUNTU-CVE-2022-24448","UBUNTU-CVE-2022-24959"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5302-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-43976"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-44879"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0435"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0492"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-24448"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-24959"}],"affected":[{"package":{"name":"linux-oem-5.14","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/linux-oem-5.14@5.14.0-1024.26?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.14.0-1024.26"}]}],"versions":["5.14.0-1004.4","5.14.0-1005.5","5.14.0-1007.7","5.14.0-1008.8","5.14.0-1010.10","5.14.0-1011.11","5.14.0-1013.13","5.14.0-1018.19","5.14.0-1020.22","5.14.0-1022.24"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"5.14.0-1024.26","binary_name":"linux-buildinfo-5.14.0-1024-oem"},{"binary_version":"5.14.0-1024.26","binary_name":"linux-headers-5.14.0-1024-oem"},{"binary_version":"5.14.0-1024.26","binary_name":"linux-image-unsigned-5.14.0-1024-oem"},{"binary_version":"5.14.0-1024.26","binary_name":"linux-modules-5.14.0-1024-oem"},{"binary_version":"5.14.0-1024.26","binary_name":"linux-oem-5.14-headers-5.14.0-1024"},{"binary_version":"5.14.0-1024.26","binary_name":"linux-oem-5.14-tools-5.14.0-1024"},{"binary_version":"5.14.0-1024.26","binary_name":"linux-oem-5.14-tools-host"},{"binary_version":"5.14.0-1024.26","binary_name":"linux-tools-5.14.0-1024-oem"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2021-43976"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2021-44879"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-0435"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-0492"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-24448"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"negligible","type":"Ubuntu"}],"id":"CVE-2022-24959"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5302-1.json"}}],"schema_version":"1.7.3"}