Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:186897
[Rus]
Version
1
Class
patch
ALTXid
403212
Language
English
Severity
High
Title
USN-5564-1 -- Linux kernel (Intel IoTG) vulnerabilities
Description
Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this tocause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2588)
Family
unix
Platform
Ubuntu 22.04
Product
linux-intel-iotg
Reference
VENDOR: USN-5564-1
VENDOR: USN-5564-1
Id:
USN-5564-1
Reference:
https://ubuntu.com/security/notices/USN-5564-1
CVE: CVE-2022-2588
CVE: CVE-2022-2588
Id:
CVE-2022-2588
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588
Comment
: It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
415 (Double Free)
References:
https://ubuntu.com/security/notices/USN-5565-1 ()
https://ubuntu.com/security/notices/USN-5562-1 ()
https://www.openwall.com/lists/oss-security/2022/08/09/6 ()
https://ubuntu.com/security/notices/USN-5582-1 ()
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588 ()
https://ubuntu.com/security/notices/USN-5564-1 ()
https://ubuntu.com/security/notices/USN-5566-1 ()
https://www.zerodayinitiative.com/advisories/ZDI-22-1117/ ()
https://ubuntu.com/security/notices/USN-5588-1 ()
https://ubuntu.com/security/notices/USN-5560-1 ()
https://github.com/Markakd/CVE-2022-2588 ()
https://ubuntu.com/security/notices/USN-5567-1 ()
https://ubuntu.com/security/notices/USN-5560-2 ()
https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u ()
https://ubuntu.com/security/notices/USN-5557-1 ()
CVE: CVE-2022-2586
CVE: CVE-2022-2586
Id:
CVE-2022-2586
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
Comment
: It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://ubuntu.com/security/notices/USN-5564-1 ()
https://ubuntu.com/security/notices/USN-5560-2 ()
https://ubuntu.com/security/notices/USN-5582-1 ()
https://ubuntu.com/security/notices/USN-5567-1 ()
https://ubuntu.com/security/notices/USN-5560-1 ()
https://ubuntu.com/security/notices/USN-5566-1 ()
https://www.openwall.com/lists/oss-security/2022/08/09/5 ()
https://ubuntu.com/security/notices/USN-5565-1 ()
https://www.zerodayinitiative.com/advisories/ZDI-22-1118/ ()
https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t ()
https://ubuntu.com/security/notices/USN-5562-1 ()
https://ubuntu.com/security/notices/USN-5557-1 ()
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586 ()
CVE: CVE-2022-2585
CVE: CVE-2022-2585
Id:
CVE-2022-2585
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585
Comment
: It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://ubuntu.com/security/notices/USN-5566-1 ()
https://ubuntu.com/security/notices/USN-5564-1 ()
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585 ()
https://ubuntu.com/security/notices/USN-5567-1 ()
https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u ()
https://www.openwall.com/lists/oss-security/2022/08/09/7 ()
https://ubuntu.com/security/notices/USN-5565-1 ()
CVE: CVE-2022-0500
CVE: CVE-2022-0500
Id:
CVE-2022-0500
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500
Comment
: A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=20b2aff4bc15bda809f994761d5719827d66c0b4 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48946bd6a5d695c50b34546864b79c1f910a33c1 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf9f2f8d62eca810afbd1ee6cc0800202b000e57 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=216e3cd2f28dbbf1fe86848e0e29e6693b9f0a20 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2044578 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4807322660d4290ac9062c034aed6b87243861 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c25b2ae136039ffa820c26138ed4a5e5f3ab3841 (MISC)
https://security.netapp.com/advisory/ntap-20220519-0001/ (CONFIRM)
CVE: CVE-2022-1652
CVE: CVE-2022-1652
Id:
CVE-2022-1652
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652
Comment
: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://francozappa.github.io/about-bias/ (MISC)
https://kb.cert.org/vuls/id/647177/ (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=1832397 (MISC)
DSA-5173 (DEBIAN)
https://security.netapp.com/advisory/ntap-20220722-0002/ (CONFIRM)
CVE: CVE-2022-1679
CVE: CVE-2022-1679
Id:
CVE-2022-1679
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679
Comment
: A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://security.netapp.com/advisory/ntap-20220629-0007/ (CONFIRM)
[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update (MLIST)
[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update (MLIST)
https://lore.kernel.org/lkml/87ilqc7jv9.fsf%40kernel.org/t/ ()
CVE: CVE-2022-1734
CVE: CVE-2022-1734
Id:
CVE-2022-1734
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
Comment
: A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
CVSSv2 Score:
4.4
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/torvalds/linux/commit/d270453a0d9ec10bb8a802a142fb1b3601a83098 (MISC)
[oss-security] 20220605 Re: Linux kernel: UAF, null-ptr-deref and double-free vulnerabilities in nfcmrvl module (MLIST)
[oss-security] 20220609 Re: Linux kernel: UAF, null-ptr-deref and double-free vulnerabilities in nfcmrvl module (MLIST)
[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update (MLIST)
DSA-5173 (DEBIAN)
https://security.netapp.com/advisory/ntap-20220707-0007/ (CONFIRM)
CVE: CVE-2022-1789
CVE: CVE-2022-1789
Id:
CVE-2022-1789
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789
Comment
: With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.8
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://francozappa.github.io/about-bias/ (MISC)
https://kb.cert.org/vuls/id/647177/ (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=1832397 (MISC)
DSA-5161 (DEBIAN)
FEDORA-2022-ef8c8a5925 ()
FEDORA-2022-be819b07a3 ()
FEDORA-2022-3b86247c11 ()
CVE: CVE-2022-1974
CVE: CVE-2022-1974
Id:
CVE-2022-1974
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1974
Comment
: A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
CVSSv3 Score:
4.1
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE:
367 (Time-of-check Time-of-use (TOCTOU) Race Condition)
References:
https://github.com/torvalds/linux/commit/da5c0f119203ad9728920456a0f52a6d850c01cd (MISC)
CVE: CVE-2022-1975
CVE: CVE-2022-1975
Id:
CVE-2022-1975
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975
Comment
: There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
https://github.com/torvalds/linux/commit/4071bf121d59944d5cd2238de0642f3d7995a997 (MISC)
CVE: CVE-2022-28893
CVE: CVE-2022-28893
Id:
CVE-2022-28893
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893
Comment
: The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a (MISC)
[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem (MLIST)
[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem (MLIST)
[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem (MLIST)
https://security.netapp.com/advisory/ntap-20220526-0002/ (CONFIRM)
DSA-5161 (DEBIAN)
CVE: CVE-2022-29900
CVE: CVE-2022-29900
Id:
CVE-2022-29900
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900
Comment
: Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE:
212 (Improper Cross-boundary Removal of Sensitive Data)
References:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 ()
FEDORA-2022-a0d7a5eaf2 ()
DSA-5207 ()
[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package ()
https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/ ()
GLSA-202402-07 ()
CVE: CVE-2022-29901
CVE: CVE-2022-29901
Id:
CVE-2022-29901
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901
Comment
: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE:
668 (Exposure of Resource to Wrong Sphere)
References:
https://comsec.ethz.ch/retbleed ()
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html ()
[oss-security] 20220712 Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions ()
[oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions ()
[oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions ()
[oss-security] 20220713 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions ()
FEDORA-2022-c69ef9c1dd ()
FEDORA-2022-8aab5b5cde ()
DSA-5207 ()
[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package ()
https://security.netapp.com/advisory/ntap-20221007-0007/ ()
[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update ()
https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/ ()
GLSA-202402-07 ()
CVE: CVE-2022-33981
CVE: CVE-2022-33981
Id:
CVE-2022-33981
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33981
Comment
: drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
3.3
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE:
416 (Use After Free)
References:
https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf (MISC)
https://seclists.org/oss-sec/2022/q2/66 (MISC)
https://exchange.xforce.ibmcloud.com/vulnerabilities/225362 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6 (MISC)
[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update (MLIST)
DSA-5173 (DEBIAN)
CVE: CVE-2022-34918
CVE: CVE-2022-34918
Id:
CVE-2022-34918
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918
Comment
: An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6 (MISC)
https://www.openwall.com/lists/oss-security/2022/07/02/3 (MISC)
[oss-security] 20220705 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init (MLIST)
https://www.randorisec.fr/crack-linux-firewall/ (MISC)
DSA-5191 (DEBIAN)
[oss-security] 20220806 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init (MLIST)
https://security.netapp.com/advisory/ntap-20220826-0004/ (CONFIRM)
http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html (MISC)
http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html (MISC)
https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452%40randorisec.fr/T/#u ()
Content available only for registered users!
ovaldb@altx-soft.com