The new Linux kernel update comes just a few days after the previous Ubuntu major update one and only patches two flaws, namely CVE-2022-1055, a use-after-free vulnerability discovered in the network traffic control implementation, and CVE-2022-27666, a security issue discovered in the IPsec implementation that could lead to a heap-based buffer overflow.
Both of these flaws could allow a local attacker to crash the vulnerable system by causing a denial of service or possibly execute arbitrary code, but the CVE-2022-1055 flaw could also allow a local attacker to gain privilege escalation. As such, CVE-2022-1055 is marked with a “high” priority while CVE-2022-27666 has a priority status of “medium”.