{"id":"USN-5862-1","summary":"linux-snapdragon vulnerabilities","details":"It was discovered that an out-of-bounds write vulnerability existed in the\nVideo for Linux 2 (V4L2) implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2022-20369)\n\nPawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan\nand Ariel Sabba discovered that some Intel processors with Enhanced\nIndirect Branch Restricted Speculation (eIBRS) did not properly handle RET\ninstructions after a VM exits. A local attacker could potentially use this\nto expose sensitive information. (CVE-2022-26373)\n\nDavid Leadbeater discovered that the netfilter IRC protocol tracking\nimplementation in the Linux Kernel incorrectly handled certain message\npayloads in some situations. A remote attacker could possibly use this to\ncause a denial of service or bypass firewall filtering. (CVE-2022-2663)\n\nJohannes Wikner and Kaveh Razavi discovered that for some AMD x86-64\nprocessors, the branch predictor could by mis-trained for return\ninstructions in certain circumstances. A local attacker could possibly use\nthis to expose sensitive information. (CVE-2022-29900)\n\nJohannes Wikner and Kaveh Razavi discovered that for some Intel x86-64\nprocessors, the Linux kernel's protections against speculative branch\ntarget injection attacks were insufficient in some circumstances. A local\nattacker could possibly use this to expose sensitive information.\n(CVE-2022-29901)\n\nIt was discovered that the NILFS2 file system implementation in the Linux\nkernel did not properly deallocate memory in certain error conditions. An\nattacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2022-3646)\n\nKhalid Masum discovered that the NILFS2 file system implementation in the\nLinux kernel did not properly handle certain error conditions, leading to a\nuse-after-free vulnerability. A local attacker could use this to cause a\ndenial of service or possibly execute arbitrary code. (CVE-2022-3649)\n\nHyunwoo Kim discovered that an integer overflow vulnerability existed in\nthe PXA3xx graphics driver in the Linux kernel. A local attacker could\npossibly use this to cause a denial of service (system crash).\n(CVE-2022-39842)\n\nIt was discovered that a race condition existed in the SMSC UFX USB driver\nimplementation in the Linux kernel, leading to a use-after-free\nvulnerability. A physically proximate attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2022-41849)\n\nIt was discovered that a race condition existed in the Roccat HID driver in\nthe Linux kernel, leading to a use-after-free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2022-41850)\n\nIt was discovered that the USB monitoring (usbmon) component in the Linux\nkernel did not properly set permissions on memory mapped in to user space\nprocesses. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2022-43750)\n\n","modified":"2026-04-27T16:20:58.148516Z","published":"2023-02-09T23:00:01Z","related":["UBUNTU-CVE-2022-20369","UBUNTU-CVE-2022-26373","UBUNTU-CVE-2022-2663","UBUNTU-CVE-2022-29900","UBUNTU-CVE-2022-29901","UBUNTU-CVE-2022-3646","UBUNTU-CVE-2022-3649","UBUNTU-CVE-2022-39842","UBUNTU-CVE-2022-41849","UBUNTU-CVE-2022-41850","UBUNTU-CVE-2022-43750"],"upstream":["CVE-2022-20369","CVE-2022-26373","CVE-2022-2663","CVE-2022-29900","CVE-2022-29901","CVE-2022-3646","CVE-2022-3649","CVE-2022-39842","CVE-2022-41849","CVE-2022-41850","CVE-2022-43750","UBUNTU-CVE-2022-20369","UBUNTU-CVE-2022-26373","UBUNTU-CVE-2022-2663","UBUNTU-CVE-2022-29900","UBUNTU-CVE-2022-29901","UBUNTU-CVE-2022-3646","UBUNTU-CVE-2022-3649","UBUNTU-CVE-2022-39842","UBUNTU-CVE-2022-41849","UBUNTU-CVE-2022-41850","UBUNTU-CVE-2022-43750"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5862-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-2663"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3646"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3649"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-20369"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-26373"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-29900"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-29901"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-39842"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-41849"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-41850"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-43750"}],"affected":[{"package":{"name":"linux-snapdragon","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/linux-snapdragon@4.15.0-1145.155?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.15.0-1145.155"}]}],"versions":["4.4.0-1077.82","4.4.0-1078.83","4.4.0-1079.84","4.4.0-1081.86","4.15.0-1053.57","4.15.0-1054.58","4.15.0-1055.59","4.15.0-1057.62","4.15.0-1058.64","4.15.0-1060.66","4.15.0-1062.69","4.15.0-1064.71","4.15.0-1065.72","4.15.0-1066.73","4.15.0-1067.74","4.15.0-1069.76","4.15.0-1070.77","4.15.0-1071.78","4.15.0-1072.79","4.15.0-1074.81","4.15.0-1076.83","4.15.0-1077.84","4.15.0-1079.86","4.15.0-1080.87","4.15.0-1081.88","4.15.0-1083.91","4.15.0-1084.92","4.15.0-1086.94","4.15.0-1087.95","4.15.0-1089.98","4.15.0-1090.99","4.15.0-1091.100","4.15.0-1093.102","4.15.0-1094.103","4.15.0-1095.104","4.15.0-1096.105","4.15.0-1097.106","4.15.0-1098.107","4.15.0-1099.108","4.15.0-1100.109","4.15.0-1101.110","4.15.0-1102.111","4.15.0-1103.112","4.15.0-1106.115","4.15.0-1109.118","4.15.0-1110.119","4.15.0-1111.120","4.15.0-1112.121","4.15.0-1113.122","4.15.0-1114.123","4.15.0-1115.124","4.15.0-1116.125","4.15.0-1118.127","4.15.0-1119.128","4.15.0-1120.129","4.15.0-1122.131","4.15.0-1123.132","4.15.0-1125.134","4.15.0-1126.135","4.15.0-1127.136","4.15.0-1129.138","4.15.0-1132.142","4.15.0-1133.143","4.15.0-1135.145","4.15.0-1136.146","4.15.0-1137.147","4.15.0-1138.148","4.15.0-1139.149","4.15.0-1142.152","4.15.0-1143.153","4.15.0-1144.154"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-buildinfo-4.15.0-1145-snapdragon","binary_version":"4.15.0-1145.155"},{"binary_name":"linux-headers-4.15.0-1145-snapdragon","binary_version":"4.15.0-1145.155"},{"binary_name":"linux-image-4.15.0-1145-snapdragon","binary_version":"4.15.0-1145.155"},{"binary_name":"linux-modules-4.15.0-1145-snapdragon","binary_version":"4.15.0-1145.155"},{"binary_name":"linux-snapdragon-headers-4.15.0-1145","binary_version":"4.15.0-1145.155"},{"binary_name":"linux-snapdragon-tools-4.15.0-1145","binary_version":"4.15.0-1145.155"},{"binary_name":"linux-tools-4.15.0-1145-snapdragon","binary_version":"4.15.0-1145.155"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5862-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2022-2663","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-3646","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-3649","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-20369","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-26373","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-29900","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-29901","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-39842","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2022-41849","severity":[{"score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2022-41850","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2022-43750","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.5"}