This issue is exploitable via unplugging the cable, which causes the efi_c8 device to be removed. An attacker can then plug the cable back in, which triggers the use-after-free.

CVE Solution: Update the kernel. As a best practice, it is recommended to reboot the system if a kernel update is being applied.

Another issue was discovered in the Linux kernel through 5.19.8. A race condition exists in the ext4 subsystem when mounting a ext4 image with extent map support that allows an attacker to cause a use-after-free or possibly cause a crash.

CVE Solution: Update the linux-ext4 package. As a best practice, it is recommended to reboot the system if a linux-ext4 update is being applied.

An issue was discovered in the Linux kernel through 5.19.8. There exists an incompatibility between CPU feature support and STT_GNSS virtualization. An attacker can exploit this by passing a user-mode process to an institution running a kernel with CPU feature support, thus causing a segmentation fault.

CVE Solution: Update the kernel. As a best practice, it is recommended to reboot the system if a kernel update is being applied.

An issue was discovered in the Linux kernel through 5.19.8. An unprivileged user with access to SUID root process could use this flaw to escalate their privileges on the system.

Linux Kernel - Spectre Variant 1

The Linux kernel through 5.19.8 is vulnerable to a privilege escalation flaw. A local unprivileged user, once they have gained administrator access, could exploit this flaw by running a specially crafted application that would use the cpu_show_spectre_v1() function to read sensitive kernel memory.

CVE Solution: Update the kernel. As a best practice, it is recommended to reboot the system if a kernel update is being applied.

An issue was discovered in the Linux kernel through 5.19.8 when CONFIG_X86_32_LAZY_GS is enabled and ftrace is disabled. An attacker with access to the same LDT can cause an information leak between userspace and kernelspace via unspecified vectors that allows for privilege escalation by overwriting values in GDT or LDT .

CVE Solution: Update the linux-firmware package and reboot the system if firmware updates are required.

Solution: Update the Linux kernel

As a best practice, it is recommended to reboot the system if a kernel update is being applied.

Bug Detection

& Fixing
If an issue does occur, the following steps can help prevent a vulnerability from becoming exploitable:
- Update the kernel
- Reboot the system if necessary

Timeline

Published on: 09/09/2022 05:15:00 UTC
Last modified on: 09/13/2022 20:15:00 UTC

References