Since the release of Ubuntu 22.04 LTS on the 22nd of April this year, the operating system and its kernel have received various security patches. Now, Canonical is patching three new vulnerabilities to keep its latest long-term-support operating system secure.
Affects many Ubuntu systems
The first vulnerability, tracked as CVE-2022-29581 with a CVSS score of 7.8, resides in the Network Queuing and Scheduling subsystem. It allows local attackers to escalate privileges to the root level and to cause DoS attacks. The vulnerability affects Linux kernel versions 4.14 and newer, excluding 5.18, and many Ubuntu releases, such as 22.04 LTS, 21.10, 20.04 LTS, 18.04 LTS, and 16.04 ESM.
The second one, tracked as CVE-2022-30594, is a high-severity vulnerability that also has a CVSS score of 7.8. It is a bug that causes mishandling of seccomp permissions, which allows attackers to bypass seccomp sandbox restrictions. It affects the same Ubuntu releases as the first vulnerability.
CVE-2022-1116 is an integer overflow vulnerability in io_uring of the Linux kernel. This vulnerability is also exploitable only with local access; it allows the attacker to corrupt memory, which can crash the system or escalate privileges to the root level. It affects Ubuntu 20.04 LTS and 18.04 LTS systems that use Linux kernel 5.4.
The updates are currently being distributed via the Software Updater tool in Ubuntu operating systems. You can also use the following commands to apply the patches to your system:
sudo apt update
sudo apt full-upgrade
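A kernel fix installed by these commands only takes effect once the machine boots into the new kernel. The script below is an added example, not part of the original article or any Canonical tooling: it compares the running kernel with the newest image in /boot. It assumes GNU sort -V and a single kernel flavour per host; the function names and the --check argument are hypothetical.

```shell
#!/bin/sh
# Added example: verify that the patched kernel is the one actually running.

# Print the highest release from a newline-separated list (GNU sort -V).
newest_kernel() {
    printf '%s\n' "$1" | sed '/^$/d' | sort -V | tail -n 1
}

# List kernel releases that have an image in the given directory (default /boot).
installed_kernels() {
    for f in "${1:-/boot}"/vmlinuz-*; do
        if [ -e "$f" ]; then
            printf '%s\n' "${f##*/vmlinuz-}"
        fi
    done
}

# Exit 0 when the running release ($1) is older than the newest installed ($2).
# Assumption: one kernel flavour (e.g. only -generic) is installed on the host.
reboot_needed() {
    running=$1
    newest=$(newest_kernel "$2")
    [ -n "$newest" ] && [ "$running" != "$newest" ] &&
        [ "$(newest_kernel "$(printf '%s\n%s' "$running" "$newest")")" = "$newest" ]
}

# Check the local host. Ubuntu packages flag a pending reboot by creating
# /var/run/reboot-required, so that file is honoured as well.
check_host() {
    running=$(uname -r)
    installed=$(installed_kernels /boot)
    if [ -e /var/run/reboot-required ] || reboot_needed "$running" "$installed"; then
        echo "running $running: reboot required to load $(newest_kernel "$installed")"
        return 1
    fi
    echo "running $running: newest installed kernel is active"
}

# Hypothetical argument of this example script: run the host check on request.
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Run it with --check after the upgrade; a non-zero exit status means the host is still running the old kernel.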