{"id":"USN-5884-1","summary":"linux-aws vulnerabilities","details":"\nKirill Tkhai discovered that the XFS file system implementation in the\nLinux kernel did not calculate size correctly when pre-allocating space in\nsome situations. A local attacker could use this to expose sensitive\ninformation. (CVE-2021-4155)\n\nLee Jones discovered that a use-after-free vulnerability existed in the\nBluetooth implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2022-20566)\n\nDuoming Zhou discovered that a race condition existed in the SLIP driver in\nthe Linux kernel, leading to a null pointer dereference vulnerability. An\nattacker could use this to cause a denial of service (system crash).\n(CVE-2022-41858)\n\nTamás Koczka discovered that the Bluetooth L2CAP implementation in the\nLinux kernel did not properly initialize memory in some situations. A\nphysically proximate attacker could possibly use this to expose sensitive\ninformation (kernel memory). (CVE-2022-42895)\n\nJosé Oliveira and Rodrigo Branco discovered that the prctl syscall\nimplementation in the Linux kernel did not properly protect against\nindirect branch prediction attacks in some situations. A local attacker\ncould possibly use this to expose sensitive information. (CVE-2023-0045)\n\nIt was discovered that the RNDIS USB driver in the Linux kernel contained\nan integer overflow vulnerability. A local attacker with physical access\ncould plug in a malicious USB device to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2023-23559)\n\n","modified":"2026-02-10T04:42:58Z","published":"2023-02-23T16:09:52Z","related":["UBUNTU-CVE-2021-4155","UBUNTU-CVE-2022-20566","UBUNTU-CVE-2022-41858","UBUNTU-CVE-2022-42895","UBUNTU-CVE-2023-0045","UBUNTU-CVE-2023-23559"],"upstream":["CVE-2021-4155","CVE-2022-20566","CVE-2022-41858","CVE-2022-42895","CVE-2023-0045","CVE-2023-23559","UBUNTU-CVE-2021-4155","UBUNTU-CVE-2022-20566","UBUNTU-CVE-2022-41858","UBUNTU-CVE-2022-42895","UBUNTU-CVE-2023-0045","UBUNTU-CVE-2023-23559"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5884-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-4155"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-20566"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-41858"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-42895"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-0045"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-23559"}],"affected":[{"package":{"name":"linux-aws","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/linux-aws@4.4.0-1154.169?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-1154.169"}]}],"versions":["4.4.0-1001.10","4.4.0-1003.12","4.4.0-1004.13","4.4.0-1007.16","4.4.0-1009.18","4.4.0-1011.20","4.4.0-1012.21","4.4.0-1013.22","4.4.0-1016.25","4.4.0-1017.26","4.4.0-1018.27","4.4.0-1020.29","4.4.0-1022.31","4.4.0-1026.35","4.4.0-1028.37","4.4.0-1030.39","4.4.0-1031.40","4.4.0-1032.41","4.4.0-1035.44","4.4.0-1037.46","4.4.0-1038.47","4.4.0-1039.48","4.4.0-1041.50","4.4.0-1043.52","4.4.0-1044.53","4.4.0-1047.56","4.4.0-1048.57","4.4.0-1049.58","4.4.0-1050.59","4.4.0-1052.61","4.4.0-1054.63","4.4.0-1055.64","4.4.0-1057.66","4.4.0-1060.69","4.4.0-1061.70","4.4.0-1062.71","4.4.0-1063.72","4.4.0-1065.75","4.4.0-1066.76","4.4.0-1067.77","4.4.0-1069.79","4.4.0-1070.80","4.4.0-1072.82","4.4.0-1073.83","4.4.0-1074.84","4.4.0-1075.85","4.4.0-1077.87","4.4.0-1079.89","4.4.0-1081.91","4.4.0-1083.93","4.4.0-1084.94","4.4.0-1085.96","4.4.0-1087.98","4.4.0-1088.99","4.4.0-1090.101","4.4.0-1092.103","4.4.0-1094.105","4.4.0-1095.106","4.4.0-1096.107","4.4.0-1098.109","4.4.0-1099.110","4.4.0-1100.111","4.4.0-1101.112","4.4.0-1102.113","4.4.0-1104.115","4.4.0-1105.116","4.4.0-1106.117","4.4.0-1107.118","4.4.0-1109.120","4.4.0-1110.121","4.4.0-1111.123","4.4.0-1112.124","4.4.0-1113.126","4.4.0-1114.127","4.4.0-1117.131","4.4.0-1118.132","4.4.0-1119.133","4.4.0-1121.135","4.4.0-1122.136","4.4.0-1123.137","4.4.0-1124.138","4.4.0-1126.140","4.4.0-1127.141","4.4.0-1128.142","4.4.0-1129.143","4.4.0-1130.144","4.4.0-1131.145","4.4.0-1132.146","4.4.0-1133.147","4.4.0-1134.148","4.4.0-1135.149","4.4.0-1137.151","4.4.0-1138.152","4.4.0-1139.153","4.4.0-1140.154","4.4.0-1143.158","4.4.0-1145.160","4.4.0-1146.161","4.4.0-1147.162","4.4.0-1148.163","4.4.0-1150.165","4.4.0-1151.166","4.4.0-1152.167","4.4.0-1153.168"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"linux-aws-cloud-tools-4.4.0-1154","binary_version":"4.4.0-1154.169"},{"binary_name":"linux-aws-headers-4.4.0-1154","binary_version":"4.4.0-1154.169"},{"binary_name":"linux-aws-tools-4.4.0-1154","binary_version":"4.4.0-1154.169"},{"binary_name":"linux-buildinfo-4.4.0-1154-aws","binary_version":"4.4.0-1154.169"},{"binary_name":"linux-cloud-tools-4.4.0-1154-aws","binary_version":"4.4.0-1154.169"},{"binary_name":"linux-headers-4.4.0-1154-aws","binary_version":"4.4.0-1154.169"},{"binary_name":"linux-image-4.4.0-1154-aws","binary_version":"4.4.0-1154.169"},{"binary_name":"linux-modules-4.4.0-1154-aws","binary_version":"4.4.0-1154.169"},{"binary_name":"linux-modules-extra-4.4.0-1154-aws","binary_version":"4.4.0-1154.169"},{"binary_name":"linux-tools-4.4.0-1154-aws","binary_version":"4.4.0-1154.169"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-4155"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-20566"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-41858"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-42895"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2023-0045"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-23559"}],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5884-1.json"}}],"schema_version":"1.7.3"}