Professional OVAL Repository
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:219359
Version
2
Class
patch
ALTXid
443267
Language
Russian
Severity
Critical
Title
Update ROSA-SA-2023-2189 -- fixes vulnerabilities in kernel-ml
Description
Fixes vulnerabilities: CVE-2023-31085, CVE-2023-2124, CVE-2022-41674, CVE-2022-42720, CVE-2022-42719, CVE-2022-2602, CVE-2022-43995, CVE-2022-42896, CVE-2023-1998, CVE-2023-2156, CVE-2022-4378, CVE-2022-47939, CVE-2022-47940, CVE-2022-4378
Family
unix
Platform
ROSA Cobalt 7.9
Product
kernel-ml
Reference
VENDOR: ROSA-SA-2023-2189
Id:
ROSA-SA-2023-2189
Reference:
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2189
CVE: CVE-2023-31085
Id:
CVE-2023-31085
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31085
Comment
: An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
369 (Divide By Zero)
References:
https://security.netapp.com/advisory/ntap-20230929-0003/ (CONFIRM)
https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra%40nod.at/ ()
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=017c73a34a661a861712f7cc1393a123e5b2208c ()
CVE: CVE-2023-2124
Id:
CVE-2023-2124
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2124
Comment
: An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1&id=22ed903eee23a5b174e240f1cdfa9acf393a5210 (MISC)
https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e (MISC)
https://security.netapp.com/advisory/ntap-20230622-0010/ (CONFIRM)
DSA-5448 (DEBIAN)
DSA-5480 (DEBIAN)
[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update (MLIST)
CVE: CVE-2022-41674
Id:
CVE-2022-41674
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41674
Comment
: An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
CVSSv3 Score:
8.1
Attack vector:
ADJACENT_NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c (MISC)
https://www.openwall.com/lists/oss-security/2022/10/13/5 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d (MISC)
https://bugzilla.suse.com/show_bug.cgi?id=1203770 (MISC)
http://www.openwall.com/lists/oss-security/2022/10/13/2 (MISC)
DSA-5257 (DEBIAN)
[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update (MLIST)
http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html (MISC)
FEDORA-2022-2cfbe17910 ()
FEDORA-2022-b948fc3cfb ()
FEDORA-2022-1a5b125ac6 ()
CVE: CVE-2022-42720
Id:
CVE-2022-42720
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42720
Comment
: Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://bugzilla.suse.com/show_bug.cgi?id=1204059 (MISC)
http://www.openwall.com/lists/oss-security/2022/10/13/5 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f (MISC)
DSA-5257 (DEBIAN)
[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update (MLIST)
http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html (MISC)
https://security.netapp.com/advisory/ntap-20230203-0008/ (CONFIRM)
FEDORA-2022-2cfbe17910 ()
FEDORA-2022-b948fc3cfb ()
FEDORA-2022-1a5b125ac6 ()
CVE: CVE-2022-42719
Id:
CVE-2022-42719
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42719
Comment
: A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
CVSSv3 Score:
8.8
Attack vector:
ADJACENT_NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6 (MISC)
https://bugzilla.suse.com/show_bug.cgi?id=1204051 (MISC)
http://www.openwall.com/lists/oss-security/2022/10/13/5 (MISC)
http://www.openwall.com/lists/oss-security/2022/10/13/2 (MISC)
DSA-5257 (DEBIAN)
[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update (MLIST)
https://security.netapp.com/advisory/ntap-20230203-0008/ (CONFIRM)
http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html (MISC)
FEDORA-2022-2cfbe17910 ()
FEDORA-2022-b948fc3cfb ()
FEDORA-2022-1a5b125ac6 ()
CVE: CVE-2022-2602
Id:
CVE-2022-2602
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602
Comment
: io_uring UAF, Unix SCM garbage collection
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://ubuntu.com/security/notices/USN-5692-1 ()
https://ubuntu.com/security/notices/USN-5752-1 ()
https://ubuntu.com/security/notices/USN-5693-1 ()
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602 ()
https://ubuntu.com/security/notices/USN-5691-1 ()
https://ubuntu.com/security/notices/USN-5700-1 ()
http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html ()
CVE: CVE-2022-43995
Id:
CVE-2022-43995
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43995
Comment
: Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
CVSSv3 Score:
7.1
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050 (MISC)
https://www.sudo.ws/security/advisories/ (MISC)
https://news.ycombinator.com/item?id=33465707 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2139911 (MISC)
GLSA-202211-08 (GENTOO)
CVE: CVE-2022-42896
Id:
CVE-2022-42896
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42896
Comment
: There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4
CVSSv3 Score:
8.8
Attack vector:
ADJACENT_NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4 (MISC)
https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 (MISC)
CVE: CVE-2023-1998
Id:
CVE-2023-1998
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1998
Comment
: The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.
CVSSv3 Score:
5.6
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE:
203 (Information Exposure Through Discrepancy)
References:
https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d (MISC)
https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx (MISC)
https://github.com/torvalds/linux/commit/6921ed9049bc7457f66c1596c5b78aec0dae4a9d (MISC)
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html (MISC)
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html (MISC)
CVE: CVE-2023-2156
Id:
CVE-2023-2156
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2156
Comment
: A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
617 (Reachable Assertion)
References:
https://www.zerodayinitiative.com/advisories/ZDI-23-547/ (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2196292 (MISC)
[oss-security] 20230517 Re: IPv6 and Route of Death (MLIST)
[oss-security] 20230517 Re: IPv6 and Route of Death (MLIST)
[oss-security] 20230518 Re: IPv6 and Route of Death (MLIST)
[oss-security] 20230519 Re: IPv6 and Route of Death (MLIST)
https://security.netapp.com/advisory/ntap-20230622-0001/ (CONFIRM)
DSA-5448 (DEBIAN)
DSA-5453 (DEBIAN)
[debian-lts-announce] 20230802 [SECURITY] [DLA 3512-1] linux-5.10 security update (MLIST)
CVE: CVE-2022-4378
Id:
CVE-2022-4378
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4378
Comment
: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://seclists.org/oss-sec/2022/q4/178 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2152548 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch (MISC)
http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html (MISC)
CVE: CVE-2022-47939
Id:
CVE-2022-47939
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47939
Comment
: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/torvalds/linux/commit/cf6531d98190fa2cf92a6d8bbc8af0a4740a223c (MISC)
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2 (MISC)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf6531d98190fa2cf92a6d8bbc8af0a4740a223c (MISC)
[oss-security] 20221223 Re: Details on this supposed Linux Kernel ksmbd RCE (MLIST)
https://www.zerodayinitiative.com/advisories/ZDI-22-1690/ (MISC)
https://www.secpod.com/blog/zero-day-server-message-block-smb-server-in-linux-kernel-5-15-has-a-critical-vulnerability-patch-ksmbd-immediately/ (MISC)
CVE: CVE-2022-47940
Id:
CVE-2022-47940
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47940
Comment
: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.
CVSSv3 Score:
8.1
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/torvalds/linux/commit/158a66b245739e15858de42c0ba60fcf3de9b8e6 (MISC)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=158a66b245739e15858de42c0ba60fcf3de9b8e6 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.18 (MISC)
[oss-security] 20221223 Re: Details on this supposed Linux Kernel ksmbd RCE (MLIST)