RHSA-2022:7683: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim’s TCP session
  • CVE-2020-36558: kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference
  • CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg()
  • CVE-2021-30002: kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c
  • CVE-2022-0168: kernel: smb2_ioctl_query_info NULL pointer dereference
  • CVE-2022-0617: kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback
  • CVE-2022-0854: kernel: swiotlb information leak with DMA_FROM_DEVICE
  • CVE-2022-1016: kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM
  • CVE-2022-1048: kernel: race condition in snd_pcm_hw_free leading to use-after-free
  • CVE-2022-1055: kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c
  • CVE-2022-1184: kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
  • CVE-2022-1852: kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS
  • CVE-2022-2078: kernel: buffer overflow in nft_set_desc_concat_parse()
  • CVE-2022-2586: kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation
  • CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()
  • CVE-2022-2938: kernel: use-after-free when psi trigger is destroyed while being polled
  • CVE-2022-20368: kernel: net/packet: slab-out-of-bounds access in packet_recvmsg()
  • CVE-2022-21499: kernel: possible to use the debugger to write zero into a location of choice
  • CVE-2022-23960: hw: cpu: arm64: Spectre-BHB
  • CVE-2022-24448: kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR
  • CVE-2022-26373: hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions
  • CVE-2022-27950: kernel: memory leak in drivers/hid/hid-elo.c
  • CVE-2022-28390: kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
  • CVE-2022-28893: kernel: use after free in SUNRPC subsystem
  • CVE-2022-29581: kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c
  • CVE-2022-36946: kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c
Red Hat Security Data

Synopsis

Moderate: kernel security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • off-path attacker may inject data or terminate victim’s TCP session (CVE-2020-36516)
  • race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)
  • use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)
  • memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)
  • smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)
  • NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)
  • swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)
  • uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)
  • race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)
  • use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)
  • use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)
  • NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)
  • buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)
  • nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)
  • openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)
  • use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)
  • net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)
  • possible to use the debugger to write zero into a location of choice (CVE-2022-21499)
  • Spectre-BHB (CVE-2022-23960)
  • Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
  • memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)
  • double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)
  • use after free in SUNRPC subsystem (CVE-2022-28893)
  • use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)
  • DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)
  • nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Virtualization Host 4 for RHEL 8 x86_64
  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64

Fixes

  • BZ - 1946279 - CVE-2021-30002 kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c
  • BZ - 1948442 - [Hyper-V][RHEL8.4]On Hyper-V Host set gen1 MAX resolution > 3840x4320, GUI start failed, sometimes get kernel panic
  • BZ - 1977993 - Add basic support for DPCD backlight control for Nouveau
  • BZ - 1978539 - Add HMM and vm kselftests to CI
  • BZ - 1980646 - CVE-2021-3640 kernel: use-after-free vulnerability in function sco_sock_sendmsg()
  • BZ - 2004037 - Percpu counter usage is gradually getting increasing during podman container recreation.
  • BZ - 2019942 - Touchpad on Fujitsu Lifebook T725 not detected
  • BZ - 2037386 - CVE-2022-0168 kernel: smb2_ioctl_query_info NULL Pointer Dereference
  • BZ - 2042424 - kernel-tools does not perform a daemon reload when installed/upgraded
  • BZ - 2044837 - [Marvell 8.7 FEAT] update qedi driver to latest upstream
  • BZ - 2051444 - CVE-2022-24448 kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR
  • BZ - 2053632 - CVE-2022-0617 kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback
  • BZ - 2056383 - System freezes with callstack in dmesg: ret_from_fork
  • BZ - 2058369 - WARNING due to invalid error code from smb2_get_enc_key, followed by crash
  • BZ - 2058395 - CVE-2022-0854 kernel: swiotlb information leak with DMA_FROM_DEVICE
  • BZ - 2059928 - CVE-2020-36516 kernel: off-path attacker may inject data or terminate victim’s TCP session
  • BZ - 2062284 - CVE-2022-23960 hw: cpu: arm64: Spectre-BHB
  • BZ - 2062780 - Make possible to get information about network interface over rtnetlink using alternative interface name
  • BZ - 2066614 - CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM
  • BZ - 2066706 - CVE-2022-1048 kernel: race condition in snd_pcm_hw_free leading to use-after-free
  • BZ - 2066976 - AF_PACKET SOCK_RAW drops GSO tagged packets.
  • BZ - 2069408 - CVE-2022-27950 kernel: memory leak in drivers/hid/hid-elo.c
  • BZ - 2069472 - block: update with v5.17 wrt. fixes
  • BZ - 2070205 - CVE-2022-1184 kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
  • BZ - 2070220 - CVE-2022-1055 kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c
  • BZ - 2072552 - XFS: sync to upstream v5.13
  • BZ - 2073064 - CVE-2022-28390 kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
  • BZ - 2074208 - CVE-2022-28893 kernel: use after free in SUNRPC subsystem
  • BZ - 2074317 - genirq/affinity: Consider that CPUs on nodes can be unbalanced
  • BZ - 2080095 - [ESXi][RHEL8.7]Bring VMCI up to date with upstream
  • BZ - 2084183 - CVE-2022-21499 kernel: possible to use the debugger to write zero into a location of choice
  • BZ - 2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()
  • BZ - 2088021 - CVE-2022-29581 kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c
  • BZ - 2089815 - CVE-2022-1852 kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS
  • BZ - 2090940 - block layer: dependency for fixing device mapper io accouting
  • BZ - 2091539 - kernel panics if iwlwifi firmware can not be loaded
  • BZ - 2096178 - CVE-2022-2078 kernel: buffer overflow in nft_set_desc_concat_parse()
  • BZ - 2100259 - backport audit_log_kern_module memleak fix from v5.19-rc3
  • BZ - 2107594 - backport vsock commits for RHEL-8.7
  • BZ - 2109327 - [bonding] bugfix update from v5.19
  • BZ - 2112693 - CVE-2020-36558 kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference
  • BZ - 2114577 - Regression in setting nfs mount options
  • BZ - 2114878 - CVE-2022-2586 kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation
  • BZ - 2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions
  • BZ - 2115278 - CVE-2022-36946 kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c
  • BZ - 2120175 - CVE-2022-2938 kernel: use-after-free when psi trigger is destroyed while being polled
  • BZ - 2123695 - CVE-2022-20368 kernel: net/packet: slab-out-of-bounds access in packet_recvmsg()

CVEs

  • CVE-2020-36516
  • CVE-2020-36558
  • CVE-2021-3640
  • CVE-2021-30002
  • CVE-2022-0168
  • CVE-2022-0617
  • CVE-2022-0854
  • CVE-2022-1016
  • CVE-2022-1048
  • CVE-2022-1055
  • CVE-2022-1184
  • CVE-2022-1852
  • CVE-2022-2078
  • CVE-2022-2586
  • CVE-2022-2639
  • CVE-2022-2938
  • CVE-2022-20368
  • CVE-2022-21499
  • CVE-2022-23960
  • CVE-2022-24448
  • CVE-2022-26373
  • CVE-2022-27950
  • CVE-2022-28390
  • CVE-2022-28893
  • CVE-2022-29581
  • CVE-2022-36946

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
  • https://access.redhat.com/solutions/6971358

Red Hat Enterprise Linux for x86_64 8

SRPM

kernel-4.18.0-425.3.1.el8.src.rpm


Ubuntu Security Notice USN-6312-1

Ubuntu Security Notice 6312-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6301-1

Ubuntu Security Notice 6301-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6284-1

Ubuntu Security Notice 6284-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

CVE-2023-33953: Security Bulletins

gRPC contains a vulnerability in which hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DOS attacks:

- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs:

- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so ...

Red Hat Security Advisory 2023-4138-01

Red Hat Security Advisory 2023-4138-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and use-after-free vulnerabilities.

RHSA-2023:4138: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1016: A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. * CVE-2022-42703: A memory leak flaw with us...

Ubuntu Security Notice USN-6221-1

Ubuntu Security Notice 6221-1 - It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the virtual terminal device implementation in the Linux kernel contained a race condition in its ioctl handling that led to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Ubuntu Security Notice USN-6014-1

Ubuntu Security Notice 6014-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-6001-1

Ubuntu Security Notice 6001-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. An attacker with the same privileges as a legitimate user can phish the legitimate user to redirect to a malicious website, leading to information disclosure and launch of phishing attacks.

CVE-2023-25947: en/security-disclosure/2023/2023-03.md · OpenHarmony/security - Gitee.com

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit to cause a DoS attack to the system when installing a malicious HAP package.

Ubuntu Security Notice USN-5924-1

Ubuntu Security Notice 5924-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-5862-1

Ubuntu Security Notice 5862-1 - It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information.

Ubuntu Security Notice USN-5861-1

Ubuntu Security Notice 5861-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5856-1

Ubuntu Security Notice 5856-1 - Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Hu Jiahui discovered that multiple race conditions existed in the Advanced Linux Sound Architecture framework, leading to use-after-free vulnerabilities. A local attacker could use these to cause a denial of service or possibly execute arbitrary code.

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

RHSA-2023:0440: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4139: kernel: i915: Incorrect GPU TLB flush can lead to random memory access * CVE-2022-26373: hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions

RHSA-2023:0058: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

CVE-2021-46868: January

The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

CVE-2022-20544: Pixel Update Bulletin—December 2022 | Android Open Source Project

In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-238745070

RHSA-2022:9082: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() * CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation * CVE-2022-43945: kernel: nfsd buffer overflow by RP...

RHSA-2022:9040: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-41912: crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements

Red Hat Security Advisory 2022-8989-01

Red Hat Security Advisory 2022-8989-01 - The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2022-8974-01

Red Hat Security Advisory 2022-8974-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, code execution, out of bounds write, and privilege escalation vulnerabilities.

Red Hat Security Advisory 2022-8941-01

Red Hat Security Advisory 2022-8941-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an out of bounds write vulnerability.

RHSA-2022:8973: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() * CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation * CVE-2022-21123: hw: cpu: incomplete clean-up of multi-co...

RHSA-2022:8940: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

Red Hat Security Advisory 2022-8889-01

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

RHSA-2022:8889: Red Hat Security Advisory: Openshift Logging 5.3.14 bug fix release and security update

Openshift Logging Bug Fix Release (5.3.14) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays

Red Hat Security Advisory 2022-8781-01

Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.

RHSA-2022:8781: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Logging Subsystem 5.5.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-32189: golang: math/b...

Red Hat Security Advisory 2022-8809-01

Red Hat Security Advisory 2022-8809-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

RHSA-2022:8831: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

RHSA-2022:8809: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

Red Hat Security Advisory 2022-8767-01

Red Hat Security Advisory 2022-8767-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2022-8765-01

Red Hat Security Advisory 2022-8765-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an out of bounds write vulnerability.

RHSA-2022:8765: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

RHSA-2022:8767: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

RHSA-2022:8768: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

Red Hat Security Advisory 2022-7933-01

Red Hat Security Advisory 2022-7933-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, denial of service, double free, information leakage, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

RHSA-2022:8267: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2022-0168: kernel: smb2_ioctl_query_info NULL pointer dereference * CVE-2022-0617: kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback * CVE-2022-0854: ...

RHSA-2022:7933: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2022-0168: kernel: smb2_ioctl_query_info NULL pointer dereference * CVE-2022-0617: kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback * CVE-2022-085...

RHSA-2022:7444: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2020-36558: kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2021-30002: kernel: memory leak for large argume...

CVE-2022-43449: en/security-disclosure/2022/2022-11.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install a malicious application on the device and reveal any file from the filesystem that is accessible to the download_server service, which runs with UID 1000.

Red Hat Security Advisory 2022-7338-01

Red Hat Security Advisory 2022-7338-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-7337-01

Red Hat Security Advisory 2022-7337-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include code execution, privilege escalation, and use-after-free vulnerabilities.

RHSA-2022:7338: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation * CVE-2022-23816: hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions * CVE-2022-23825: hw: cpu: AMD: Branch Type Confusion (non-retbleed) * CVE-2022-26373: hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions * ...

RHSA-2022:7337: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation * CVE-2022-23816: hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions * CVE-2022-23825: hw: cpu: AMD: Branch Type Confusion (non-retbleed) * CVE-2022-26373: hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions * CVE...

Ubuntu Security Notice USN-5706-1

Ubuntu Security Notice 5706-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Debian Security Advisory 5257-1

Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-5682-1

Ubuntu Security Notice 5682-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-41686: en/security-disclosure/2022/2022-10.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in the /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. An unprivileged process running on the device could read out-of-bound memory, leading to sensitive information disclosure. Processes running on the device with the system user UID would be able to write out-of-bound memory, which could lead to unspecified memory corruption.

Ubuntu Security Notice USN-5667-1

Ubuntu Security Notice 5667-1 - Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information.

Ubuntu Security Notice USN-5668-1

Ubuntu Security Notice 5668-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5660-1

Ubuntu Security Notice 5660-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-5654-1

Ubuntu Security Notice 5654-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-5652-1

Ubuntu Security Notice 5652-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-5650-1

Ubuntu Security Notice 5650-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5647-1

Ubuntu Security Notice 5647-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB

Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual. Alternative […]

Ubuntu Security Notice USN-5634-1

Ubuntu Security Notice 5634-1 - Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.

CVE-2022-1941: Security Bulletins  |  Customer Care  |  Google Cloud

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.

Ubuntu Security Notice USN-5623-1

Ubuntu Security Notice 5623-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5622-1

Ubuntu Security Notice 5622-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-5621-1

Ubuntu Security Notice 5621-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.

Red Hat Security Advisory 2022-6582-01

Red Hat Security Advisory 2022-6582-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and heap overflow vulnerabilities.

Red Hat Security Advisory 2022-6610-01

Red Hat Security Advisory 2022-6610-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and heap overflow vulnerabilities.

RHSA-2022:6610: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2078: kernel: Vulnerability of buffer overflow in nft_set_desc_concat_parse() * CVE-2022-34918: kernel: heap overflow in nft_set_elem_init()

RHSA-2022:6582: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2078: kernel: Vulnerability of buffer overflow in nft_set_desc_concat_parse() * CVE-2022-34918: kernel: heap overflow in nft_set_elem_init()

Ubuntu Security Notice USN-5616-1

Ubuntu Security Notice 5616-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

CVE-2020-36600: September

Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart.

Update now! Microsoft patches two zero-days

Categories: News. Tags: CVE-2022-37969, CVE-2022-23960, CVE-2022-35805, CVE-2022-34700, CVE-2022-34718, CVE-2022-34721, CVE-2022-34722, Microsoft, Adobe, Android, Apple, Cisco, Google, Samsung, SAP, VMWare. The September 2022 Patch Tuesday updates include two zero-day vulnerabilities, one of which is known to be used in attacks. The post Update now! Microsoft patches two zero-days appeared first on Malwarebytes Labs.

Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day

Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its

Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs

In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.

Ubuntu Security Notice USN-5602-1

Ubuntu Security Notice 5602-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

Ubuntu Security Notice USN-5599-1

Ubuntu Security Notice 5599-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-5594-1

Ubuntu Security Notice 5594-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

CVE-2022-2639: Invalid Bug ID

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Ubuntu Security Notice USN-5590-1

Ubuntu Security Notice 5590-1 - Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.

Kernel Live Patch Security Notice LSN-0089-1

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. Various other vulnerabilities were also discovered.

CVE-2022-1184: Invalid Bug ID

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

CVE-2022-1016: CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation, information leak

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

CVE-2022-0168: Invalid Bug ID

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.

Ubuntu Security Notice USN-5582-1

Ubuntu Security Notice 5582-1 - Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5580-1

Ubuntu Security Notice 5580-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-2938

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.

CVE-2022-26373: INTEL-SA-00706

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Ubuntu Security Notice USN-5567-1

Ubuntu Security Notice 5567-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5566-1

Ubuntu Security Notice 5566-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5565-1

Ubuntu Security Notice 5565-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5564-1

Ubuntu Security Notice 5564-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

CVE-2022-20158: Pixel Update Bulletin—August 2022  |  Android Open Source Project

In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-182815710. References: Upstream kernel

Ubuntu Security Notice USN-5562-1

Ubuntu Security Notice 5562-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5560-2

Ubuntu Security Notice 5560-2 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5560-1

Ubuntu Security Notice 5560-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

RHSA-2022:6002: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0494: kernel: information leak in scsi_ioctl()
  • CVE-2022-1055: kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c

RHSA-2022:6003: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0494: kernel: information leak in scsi_ioctl()
  • CVE-2022-1055: kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c

Ubuntu Security Notice USN-5544-1

Ubuntu Security Notice 5544-1 - It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Felix Fu discovered that the Sun RPC implementation in the Linux kernel did not properly handle socket states, leading to a use-after-free vulnerability. A remote attacker could possibly use this to cause a denial of service or execute arbitrary code.

CVE-2022-36946: '[PATCH nf] netfilter: nf_queue: do not allow packet truncation below transport header offset'

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

Ubuntu Security Notice USN-5529-1

Ubuntu Security Notice 5529-1 - It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. An attacker in a guest VM could use this to cause a denial of service in the host OS.

CVE-2020-36558

A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.

CVE-2022-32263: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.

CVE-2022-25357: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.

CVE-2022-26657: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-27929: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-27930: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.

CVE-2022-27928: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

CVE-2022-27934: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-27932: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

CVE-2022-27937: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

CVE-2022-27936: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.

CVE-2022-27931: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

CVE-2022-27935: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.

CVE-2022-2078

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly allowing the attacker to run code.

CVE-2022-1852: KVM: x86: avoid calling x86 emulator without a decoded instruction · torvalds/linux@fee060c

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in a guest on an Intel CPU.

Ubuntu Security Notice USN-5484-1

Ubuntu Security Notice 5484-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-21499: git/torvalds/linux.git - Linux kernel source tree

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).

Ubuntu Security Notice USN-5471-1

Ubuntu Security Notice 5471-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5469-1

Ubuntu Security Notice 5469-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5470-1

Ubuntu Security Notice 5470-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5468-1

Ubuntu Security Notice 5468-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5467-1

Ubuntu Security Notice 5467-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5466-1

Ubuntu Security Notice 5466-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Kernel Live Patch Security Notice LSN-0086-1

It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.

Ubuntu Security Notice USN-5443-2

Ubuntu Security Notice 5443-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions.

Ubuntu Security Notice USN-5442-2

Ubuntu Security Notice 5442-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

CVE-2022-29581: 🐧🕺

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows a local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

Ubuntu Security Notice USN-5416-1

Ubuntu Security Notice 5416-1 - Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest VM could possibly use this to crash the host OS. It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-5415-1

Ubuntu Security Notice 5415-1 - Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-5413-1

Ubuntu Security Notice 5413-1 - Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-28893

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

CVE-2022-28390: can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in err… · torvalds/linux@c702227

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

CVE-2022-1055: 🐧🕺

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5.

CVE-2022-0854

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

CVE-2022-23960: Speculative Processor Vulnerability

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.

CVE-2021-3640: Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() · torvalds/linux@99c23da

A use-after-free flaw in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition between the call to sco_conn_del() and the call to sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.

CVE-2020-36516: Off-Path TCP Exploits of the Mixed IPID Assignment | Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

CVE-2020-35198: Wind River

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.