Professional OVAL Repository
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:188972
Version
1
Class
patch
ALTXid
406220
Language
English
Severity
High
Title
SUSE-SU-2022:3293-1 -- Security update for the Linux Kernel
Description
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
Family
unix
Platform
openSUSE Leap 15.4
Product
Linux Kernel
Reference
VENDOR: SUSE-SU-2022:3293-1
Id:
SUSE-SU-2022:3293-1
Reference:
https://www.suse.com/support/update/announcement/2022/SUSE-SU-20223293-1/
CVE: CVE-2016-3695
Id:
CVE-2016-3695
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3695
Comment
: The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'))
References:
https://github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1322755 (CONFIRM)
102327 (BID)
CVE: CVE-2020-36516
Id:
CVE-2020-36516
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36516
Comment
: An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
CVSSv2 Score:
4.9
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:P
CVSSv3 Score:
5.9
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CWE:
327 (Use of a Broken or Risky Cryptographic Algorithm)
References:
https://dl.acm.org/doi/10.1145/3372297.3417884 (MISC)
https://security.netapp.com/advisory/ntap-20220331-0003/ (CONFIRM)
CVE: CVE-2021-33135
Id:
CVE-2021-33135
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33135
Comment
: Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html (MISC)
CVE: CVE-2021-4037
Id:
CVE-2021-4037
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4037
Comment
: A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for XFS.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
284 (Improper Access Control)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2027239 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01ea173e103e (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848 (MISC)
https://access.redhat.com/security/cve/CVE-2021-4037 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2004810 (MISC)
DSA-5257 (DEBIAN)
[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update (MLIST)
CVE: CVE-2022-20368
Id:
CVE-2022-20368
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20368
Comment
: Product: Android. Versions: Android kernel. Android ID: A-224546354. References: Upstream kernel.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
https://source.android.com/security/bulletin/pixel/2022-08-01 (MISC)
CVE: CVE-2022-20369
Id:
CVE-2022-20369
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20369
Comment
: In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-223375145. References: Upstream kernel.
CVSSv3 Score:
6.7
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://source.android.com/security/bulletin/pixel/2022-08-01 (MISC)
[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update (MLIST)
CVE: CVE-2022-2588
Id:
CVE-2022-2588
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588
Comment
: It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
415 (Double Free)
References:
https://ubuntu.com/security/notices/USN-5565-1 ()
https://ubuntu.com/security/notices/USN-5562-1 ()
https://www.openwall.com/lists/oss-security/2022/08/09/6 ()
https://ubuntu.com/security/notices/USN-5582-1 ()
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588 ()
https://ubuntu.com/security/notices/USN-5564-1 ()
https://ubuntu.com/security/notices/USN-5566-1 ()
https://www.zerodayinitiative.com/advisories/ZDI-22-1117/ ()
https://ubuntu.com/security/notices/USN-5588-1 ()
https://ubuntu.com/security/notices/USN-5560-1 ()
https://github.com/Markakd/CVE-2022-2588 ()
https://ubuntu.com/security/notices/USN-5567-1 ()
https://ubuntu.com/security/notices/USN-5560-2 ()
https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u ()
https://ubuntu.com/security/notices/USN-5557-1 ()
CVE: CVE-2022-2639
Id:
CVE-2022-2639
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2639
Comment
: An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
681 (Incorrect Conversion between Numeric Types)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2084479 (MISC)
https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8 (MISC)
CVE: CVE-2022-2663
Id:
CVE-2022-2663
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2663
Comment
: An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
CVSSv3 Score:
5.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE:
923 ()
References:
https://www.openwall.com/lists/oss-security/2022/08/30/1 (MISC)
[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update (MLIST)
https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663 (MISC)
https://www.youtube.com/watch?v=WIq-YgQuYCA (MISC)
DSA-5257 (DEBIAN)
[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update (MLIST)
https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/ (MISC)
CVE: CVE-2022-28356
Id:
CVE-2022-28356
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28356
Comment
: In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
CWE-Other ()
References:
https://github.com/torvalds/linux/commit/764f4eb6846f5475f1244767d24d25dd86528a4a (MISC)
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1 (MISC)
[oss-security] 20220406 CVE-2022-28356: Linux kernel: refcount leak in llc_ui_bind and llc_ui_autobind (MLIST)
DSA-5127 (DEBIAN)
https://security.netapp.com/advisory/ntap-20220506-0006/ (CONFIRM)
[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update (MLIST)
DSA-5173 (DEBIAN)
CVE: CVE-2022-28693
CVE: CVE-2022-2873
Id:
CVE-2022-2873
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2873
Comment
: An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
131 (Incorrect Calculation of Buffer Size)
References:
https://security.netapp.com/advisory/ntap-20230120-0001/ (CONFIRM)
DSA-5324 (DEBIAN)
[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update (MLIST)
https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97%40gmail.com/T/ ()
CVE: CVE-2022-2905
Id:
CVE-2022-2905
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2905
Comment
: An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2121800 (MISC)
[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update (MLIST)
https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel%40iogearbox.net/ ()
CVE: CVE-2022-2938
Id:
CVE-2022-2938
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2938
Comment
: A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848 (MISC)
https://security.netapp.com/advisory/ntap-20221223-0002/ (CONFIRM)
CVE: CVE-2022-2959
Id:
CVE-2022-2959
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2959
Comment
: A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
https://www.zerodayinitiative.com/advisories/ZDI-22-1165/ (MISC)
https://github.com/torvalds/linux/commit/189b0ddc245139af81198d1a3637cac74f96e13a (MISC)
https://security.netapp.com/advisory/ntap-20230214-0005/ (CONFIRM)
CVE: CVE-2022-2977
Id:
CVE-2022-2977
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2977
Comment
: A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f (MISC)
https://security.netapp.com/advisory/ntap-20230214-0006/ (CONFIRM)
CVE: CVE-2022-3028
Id:
CVE-2022-3028
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3028
Comment
: A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 (MISC)
[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update (MLIST)
[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update (MLIST)
https://security.netapp.com/advisory/ntap-20230214-0004/ (CONFIRM)
https://lore.kernel.org/all/YtoWqEkKzvimzWS5%40gondor.apana.org.au/T/ ()
FEDORA-2022-6835ddb6d8 ()
FEDORA-2022-35c14ba5bb ()
FEDORA-2022-ccb0138bb6 ()
CVE: CVE-2022-3078
Id:
CVE-2022-3078
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3078
Comment
: An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=e6a21a14106d9718aa4f8e115b1e474888eeba44 (MISC)
CVE: CVE-2022-32250
Id:
CVE-2022-32250
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250
Comment
: net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://www.openwall.com/lists/oss-security/2022/05/31/1 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd (MISC)
[oss-security] 20220603 Re: Linux Kernel use-after-free write in netfilter (MLIST)
[oss-security] 20220604 Re: Linux Kernel use-after-free write in netfilter (MLIST)
https://www.debian.org/security/2022/dsa-5161 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2092427 (MISC)
[oss-security] 20220620 Re: Linux Kernel use-after-free write in netfilter (MLIST)
[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update (MLIST)
[oss-security] 20220703 Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250? (MLIST)
[oss-security] 20220703 Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250? (MLIST)
DSA-5173 (DEBIAN)
https://security.netapp.com/advisory/ntap-20220715-0005/ (CONFIRM)
[oss-security] 20220825 Re: Linux Kernel use-after-free write in netfilter (MLIST)
https://github.com/theori-io/CVE-2022-32250-exploit (MISC)
https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/ (MISC)
[oss-security] 20220902 Re: Linux Kernel use-after-free write in netfilter (MLIST)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/ ()
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/ ()
CVE: CVE-2022-36879
Id:
CVE-2022-36879
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36879
Comment
: An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
CWE-Other ()
References:
https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901 (MISC)
DSA-5207 (DEBIAN)
https://security.netapp.com/advisory/ntap-20220901-0007/ (CONFIRM)
[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package (MLIST)
[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update (MLIST)
CVE: CVE-2022-36946
Id:
CVE-2022-36946
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946
Comment
: nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
https://marc.info/?l=netfilter-devel&m=165883202007292&w=2 (MISC)
DSA-5207 (DEBIAN)
https://security.netapp.com/advisory/ntap-20220901-0007/ (CONFIRM)
[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package (MLIST)
[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update (MLIST)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164 ()
CVE: CVE-2022-39188
Id:
CVE-2022-39188
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39188
Comment
: An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
CVSSv3 Score:
4.7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
https://github.com/torvalds/linux/commit/b67fbebd4cf980aecbcc750e1462128bffe8ae15 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19 (MISC)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b67fbebd4cf980aecbcc750e1462128bffe8ae15 (MISC)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2329 (MISC)
[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update (MLIST)
DSA-5257 (DEBIAN)
[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update (MLIST)
https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iqEApujD5VtM3Re-tCKLDEFdEdbg%40mail.gmail.com/ ()
CVE: CVE-2022-39190
Id:
CVE-2022-39190
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39190
Comment
: An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
CWE-Other ()
References:
https://github.com/torvalds/linux/commit/e02f0d3970404bfea385b6edb86f2d936db0ea2b (MISC)
https://twitter.com/pr0Ln (MISC)
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6 (MISC)
[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update (MLIST)
https://lore.kernel.org/all/20220824220330.64283-12-pablo%40netfilter.org/ ()