USN-5598-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-5598-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5598-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-5598-1
Upstream
Related
Published
2022-09-05T22:10:47.412060Z
Modified
2025-10-13T04:36:04Z
Summary
linux-oracle vulnerability
Details

It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

References

Affected packages

Ubuntu:18.04:LTS / linux-oracle

Package

Name
linux-oracle
Purl
pkg:deb/ubuntu/linux-oracle@4.15.0-1105.116?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.15.0-1105.116

Affected versions

4.*

4.15.0-1007.9
4.15.0-1008.10
4.15.0-1009.11
4.15.0-1010.12
4.15.0-1011.13
4.15.0-1013.15
4.15.0-1014.16
4.15.0-1015.17
4.15.0-1017.19
4.15.0-1018.20
4.15.0-1021.23
4.15.0-1022.25
4.15.0-1023.26
4.15.0-1025.28
4.15.0-1026.29
4.15.0-1027.30
4.15.0-1029.32
4.15.0-1030.33
4.15.0-1031.34
4.15.0-1033.36
4.15.0-1035.39
4.15.0-1037.41
4.15.0-1038.42
4.15.0-1039.43
4.15.0-1045.49
4.15.0-1047.51
4.15.0-1048.52
4.15.0-1050.54
4.15.0-1051.55
4.15.0-1053.57
4.15.0-1054.58
4.15.0-1057.62
4.15.0-1058.64
4.15.0-1059.65
4.15.0-1061.67
4.15.0-1062.68
4.15.0-1063.70
4.15.0-1064.71
4.15.0-1065.73
4.15.0-1066.74
4.15.0-1067.75
4.15.0-1068.76
4.15.0-1069.77
4.15.0-1070.78
4.15.0-1071.79
4.15.0-1072.80
4.15.0-1075.83
4.15.0-1078.86
4.15.0-1079.87
4.15.0-1080.88
4.15.0-1081.89
4.15.0-1082.90
4.15.0-1083.91
4.15.0-1084.92
4.15.0-1085.93
4.15.0-1086.94
4.15.0-1087.95
4.15.0-1089.98
4.15.0-1090.99
4.15.0-1091.100
4.15.0-1092.101
4.15.0-1093.102
4.15.0-1095.104
4.15.0-1098.108
4.15.0-1101.112
4.15.0-1102.113
4.15.0-1104.115

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "linux-buildinfo-4.15.0-1105-oracle",
            "binary_version": "4.15.0-1105.116"
        },
        {
            "binary_name": "linux-headers-4.15.0-1105-oracle",
            "binary_version": "4.15.0-1105.116"
        },
        {
            "binary_name": "linux-image-unsigned-4.15.0-1105-oracle",
            "binary_version": "4.15.0-1105.116"
        },
        {
            "binary_name": "linux-modules-4.15.0-1105-oracle",
            "binary_version": "4.15.0-1105.116"
        },
        {
            "binary_name": "linux-modules-extra-4.15.0-1105-oracle",
            "binary_version": "4.15.0-1105.116"
        },
        {
            "binary_name": "linux-oracle-headers-4.15.0-1105",
            "binary_version": "4.15.0-1105.116"
        },
        {
            "binary_name": "linux-oracle-tools-4.15.0-1105",
            "binary_version": "4.15.0-1105.116"
        },
        {
            "binary_name": "linux-tools-4.15.0-1105-oracle",
            "binary_version": "4.15.0-1105.116"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:18.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2021-33656"
        }
    ]
}