{"id":"USN-5580-1","summary":"linux-aws vulnerabilities","details":"\nIt was discovered that the framebuffer driver on the Linux kernel did not\nverify size limits when changing font or screen size, leading to an out-of-\nbounds write. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2021-33655)\n\nIt was discovered that the virtual terminal driver in the Linux kernel did\nnot properly handle VGA console font changes, leading to an out-of-bounds\nwrite. A local attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2021-33656)\n\nIt was discovered that the Packet network protocol implementation in the\nLinux kernel contained an out-of-bounds access. A remote attacker could use\nthis to expose sensitive information (kernel memory). (CVE-2022-20368)\n\nDomingo Dirutigliano and Nicola Guerrera discovered that the netfilter\nsubsystem in the Linux kernel did not properly handle rules that truncated\npackets below the packet header size. When such rules are in place, a\nremote attacker could possibly use this to cause a denial of service\n(system crash). (CVE-2022-36946)\n\n","modified":"2026-02-10T04:42:45Z","published":"2022-08-24T15:49:43Z","related":["UBUNTU-CVE-2021-33655","UBUNTU-CVE-2021-33656","UBUNTU-CVE-2022-20368","UBUNTU-CVE-2022-36946"],"upstream":["CVE-2021-33655","CVE-2021-33656","CVE-2022-20368","CVE-2022-36946","UBUNTU-CVE-2021-33655","UBUNTU-CVE-2021-33656","UBUNTU-CVE-2022-20368","UBUNTU-CVE-2022-36946"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5580-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-33655"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-33656"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-20368"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-36946"}],"affected":[{"package":{"name":"linux-aws","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/linux-aws@4.4.0-1150.165?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-1150.165"}]}],"versions":["4.4.0-1001.10","4.4.0-1003.12","4.4.0-1004.13","4.4.0-1007.16","4.4.0-1009.18","4.4.0-1011.20","4.4.0-1012.21","4.4.0-1013.22","4.4.0-1016.25","4.4.0-1017.26","4.4.0-1018.27","4.4.0-1020.29","4.4.0-1022.31","4.4.0-1026.35","4.4.0-1028.37","4.4.0-1030.39","4.4.0-1031.40","4.4.0-1032.41","4.4.0-1035.44","4.4.0-1037.46","4.4.0-1038.47","4.4.0-1039.48","4.4.0-1041.50","4.4.0-1043.52","4.4.0-1044.53","4.4.0-1047.56","4.4.0-1048.57","4.4.0-1049.58","4.4.0-1050.59","4.4.0-1052.61","4.4.0-1054.63","4.4.0-1055.64","4.4.0-1057.66","4.4.0-1060.69","4.4.0-1061.70","4.4.0-1062.71","4.4.0-1063.72","4.4.0-1065.75","4.4.0-1066.76","4.4.0-1067.77","4.4.0-1069.79","4.4.0-1070.80","4.4.0-1072.82","4.4.0-1073.83","4.4.0-1074.84","4.4.0-1075.85","4.4.0-1077.87","4.4.0-1079.89","4.4.0-1081.91","4.4.0-1083.93","4.4.0-1084.94","4.4.0-1085.96","4.4.0-1087.98","4.4.0-1088.99","4.4.0-1090.101","4.4.0-1092.103","4.4.0-1094.105","4.4.0-1095.106","4.4.0-1096.107","4.4.0-1098.109","4.4.0-1099.110","4.4.0-1100.111","4.4.0-1101.112","4.4.0-1102.113","4.4.0-1104.115","4.4.0-1105.116","4.4.0-1106.117","4.4.0-1107.118","4.4.0-1109.120","4.4.0-1110.121","4.4.0-1111.123","4.4.0-1112.124","4.4.0-1113.126","4.4.0-1114.127","4.4.0-1117.131","4.4.0-1118.132","4.4.0-1119.133","4.4.0-1121.135","4.4.0-1122.136","4.4.0-1123.137","4.4.0-1124.138","4.4.0-1126.140","4.4.0-1127.141","4.4.0-1128.142","4.4.0-1129.143","4.4.0-1130.144","4.4.0-1131.145","4.4.0-1132.146","4.4.0-1133.147","4.4.0-1134.148","4.4.0-1135.149","4.4.0-1137.151","4.4.0-1138.152","4.4.0-1139.153","4.4.0-1140.154","4.4.0-1143.158","4.4.0-1145.160","4.4.0-1146.161","4.4.0-1147.162","4.4.0-1148.163"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"4.4.0-1150.165","binary_name":"linux-aws-cloud-tools-4.4.0-1150"},{"binary_version":"4.4.0-1150.165","binary_name":"linux-aws-headers-4.4.0-1150"},{"binary_version":"4.4.0-1150.165","binary_name":"linux-aws-tools-4.4.0-1150"},{"binary_version":"4.4.0-1150.165","binary_name":"linux-buildinfo-4.4.0-1150-aws"},{"binary_version":"4.4.0-1150.165","binary_name":"linux-cloud-tools-4.4.0-1150-aws"},{"binary_version":"4.4.0-1150.165","binary_name":"linux-headers-4.4.0-1150-aws"},{"binary_version":"4.4.0-1150.165","binary_name":"linux-image-4.4.0-1150-aws"},{"binary_version":"4.4.0-1150.165","binary_name":"linux-modules-4.4.0-1150-aws"},{"binary_version":"4.4.0-1150.165","binary_name":"linux-modules-extra-4.4.0-1150-aws"},{"binary_version":"4.4.0-1150.165","binary_name":"linux-tools-4.4.0-1150-aws"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-33655"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-33656"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-20368"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-36946"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5580-1.json"}}],"schema_version":"1.7.3"}