RHSA-2022:7330: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2585: kernel: posix cpu timer use-after-free may lead to local privilege escalation
Red Hat Security Data

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
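
A host-side check for this advisory, added here as an example (not Red Hat's code): it maps a running kernel release to the kpatch-patch package named in this advisory and compares the installed version-release against the builds the advisory ships. The name-mapping rule and the sample hosts are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: is the live patch from RHSA-2022:7330 (CVE-2022-2585) in place?

# Fixed kpatch-patch version-release per kernel build, taken from the package
# names in this advisory (name suffix -> version-release without dist tag).
min_fixed() {
    case "$1" in
        5_14_0-70_13_1) echo "1-4" ;;
        5_14_0-70_17_1) echo "1-3" ;;
        5_14_0-70_22_1) echo "1-3" ;;
        5_14_0-70_26_1) echo "1-2" ;;
        *) echo "" ;;
    esac
}

# "5.14.0-70.13.1.el9_0.x86_64" -> "5_14_0-70_13_1"
# Assumption: the package suffix is the kernel version-release with the dist
# tag and architecture dropped and dots replaced by underscores.
kernel_to_suffix() {
    printf '%s\n' "$1" |
        sed -e 's/\.el[0-9][0-9_]*\(\..*\)\{0,1\}$//' -e 's/\./_/g'
}

# Args: kernel release (uname -r), installed kpatch-patch version-release or "".
# Prints one of:
#   not-covered  this advisory ships no live patch for that kernel build
#   missing      a live patch exists for the kernel but is not installed
#   outdated     installed live patch is older than the advisory's build
#   fixed        installed live patch is at or above the advisory's build
advisory_status() {
    suffix=$(kernel_to_suffix "$1")
    need=$(min_fixed "$suffix")
    [ -n "$need" ] || { echo "not-covered"; return 0; }
    [ -n "$2" ] || { echo "missing"; return 0; }
    have=${2%%.el*}                      # "1-4.el9_0" -> "1-4"
    have_v=${have%%-*}; have_r=${have#*-}
    need_v=${need%%-*}; need_r=${need#*-}
    if [ "$have_v" -gt "$need_v" ] ||
       { [ "$have_v" -eq "$need_v" ] && [ "$have_r" -ge "$need_r" ]; }; then
        echo "fixed"
    else
        echo "outdated"
    fi
}

# On a real host (not executed here):
#   k=$(uname -r); p="kpatch-patch-$(kernel_to_suffix "$k")"
#   vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$p" 2>/dev/null) || vr=""
#   advisory_status "$k" "$vr"
#   kpatch list    # confirms the module is loaded, not just installed

# Constructed sample hosts: "<uname -r>|<installed kpatch-patch version-release>"
for host in \
    "5.14.0-70.13.1.el9_0.x86_64|1-4.el9_0" \
    "5.14.0-70.22.1.el9_0.ppc64le|1-2.el9_0" \
    "5.14.0-70.26.1.el9_0.x86_64|" \
    "5.14.0-70.5.1.el9_0.x86_64|"
do
    printf '%-34s %s\n' "${host%%|*}" \
        "$(advisory_status "${host%%|*}" "${host#*|}")"
done
```

A `not-covered` result only means no live patch in this advisory targets that kernel build; it says nothing about whether the kernel itself carries the fix.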

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64

Fixes

  • BZ - 2114874 - CVE-2022-2585 kernel: posix cpu timer use-after-free may lead to local privilege escalation

Red Hat Enterprise Linux for x86_64 9

SRPM

  • kpatch-patch-5_14_0-70_13_1-1-4.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_17_1-1-3.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_22_1-1-3.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_26_1-1-2.el9_0.src.rpm

x86_64

  • kpatch-patch-5_14_0-70_13_1-1-4.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_13_1-debuginfo-1-4.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_13_1-debugsource-1-4.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_17_1-1-3.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_17_1-debuginfo-1-3.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_17_1-debugsource-1-3.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_22_1-1-3.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_22_1-debuginfo-1-3.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_22_1-debugsource-1-3.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_26_1-1-2.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_26_1-debuginfo-1-2.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_26_1-debugsource-1-2.el9_0.x86_64.rpm

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

Same SRPM and x86_64 packages as listed for Red Hat Enterprise Linux for x86_64 9.

Red Hat Enterprise Linux for Power, little endian 9

SRPM

  • kpatch-patch-5_14_0-70_13_1-1-4.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_17_1-1-3.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_22_1-1-3.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_26_1-1-2.el9_0.src.rpm

ppc64le

  • kpatch-patch-5_14_0-70_13_1-1-4.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_13_1-debuginfo-1-4.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_13_1-debugsource-1-4.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_17_1-1-3.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_17_1-debuginfo-1-3.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_17_1-debugsource-1-3.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_22_1-1-3.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_22_1-debuginfo-1-3.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_22_1-debugsource-1-3.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_26_1-1-2.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_26_1-debuginfo-1-2.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_26_1-debugsource-1-2.el9_0.ppc64le.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

Same SRPM and ppc64le packages as listed for Red Hat Enterprise Linux for Power, little endian 9.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

Same SRPM and ppc64le packages as listed for Red Hat Enterprise Linux for Power, little endian 9.

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

Same SRPM and x86_64 packages as listed for Red Hat Enterprise Linux for x86_64 9.
