An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().

'2153067?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-3105: Invalid Bug ID

An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.

CVE-2022-3115

An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.

'2153055?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-3110: Invalid Bug ID

An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.

'2153054?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-3114: Invalid Bug ID

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Advisory ID: VMSA-2022-0032

CVSSv3 Range: 5.3-7.2

Issue Date: 2022-12-13

Updated On: 2022-12-13 (Initial Advisory)

CVE(s): CVE-2022-31700, CVE-2022-31701

Synopsis: VMware Workspace ONE Access and Identity Manager updates address multiple vulnerabilities (CVE-2022-31700, CVE-2022-31701).

****1\. Impacted Products****

*   VMware Workspace ONE Access (Access)
*   VMware Identity Manager (vIDM)
*   VMware Cloud Foundation (Cloud Foundation)

****2\. Introduction****

Multiple vulnerabilities were privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.

****3a. Authenticated Remote Code Execution Vulnerability (CVE-2022-31700)****

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

A malicious actor with administrator and network access may be able to remotely execute code on the underlying operating system.

To remediate CVE-2022-31700, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.

VMware would like to thank Steven Seeley of Source Incite for reporting this issue to us.

****3b. Broken Authentication Vulnerability (CVE-2022-31701)****

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

A malicious actor with network access may be able to obtain system information due to an unauthenticated endpoint. Successful exploitation of this issue can lead to targeting victims.

To remediate CVE-2022-31701 apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.

VMware would like to thank Kyung Yoon for reporting this issue to us.

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

Access

22.09.0.0

Linux

CVE-2022-31700

N/A

N/A

Unaffected

N/A

N/A

Access

22.09.0.0

Linux

CVE-2022-31701

5.3

moderate

22.09.1.0

None

None

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31700

7.2

important

KB90399

None

None

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31701

5.3

moderate

KB90399

None

None

Access Connector

All

Windows

CVE-2022-31700, CVE-2022-31701

N/A

N/A

Unaffected

N/A

N/A

vIDM

3.3.6

Linux

CVE-2022-31700

7.2

important

KB90399

None

None

vIDM

3.3.6

Linux

CVE-2022-31701

5.3

moderate

KB90399

None

None

vIDM Connector

All

Windows

CVE-2022-31700, CVE-2022-31701

N/A

N/A

Unaffected

N/A

N/A

VMware Cloud Foundation (vIDM)

Any

Any

CVE-2022-31700, CVE-2022-31701

7.2

important

KB90384

N/A

N/A

****4\. References****

****5\. Change Log****

**2022-12-13 VMSA-2022-0032**  
Initial security advisory.

****6\. Contact****

CVE-2022-31701: VMSA-2022-0032

Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c.

**Description**

Some crashes occurred in function read\_pointer at binbloom-master/src/helpers.c:67:24 when running program binbloom, this can reproduce on the latest commit.

**Version**

Binbloom 2.0 latest commithttps://github.com/quarkslab/binbloom/commit/b9aada98fa98924d7d3d90e638e865df9f9a2e53 Linux 5.15.0-52-generic #58~20.04.1-Ubuntu SMP Thu Oct 13 13:09:46 UTC 2022 x86\_64 x86\_64 x86\_64 GNU/Linux

**Command**

./binbloom ./POC

**Crashe**

\==487329==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x631000010f90 at pc 0x0000004d3963 bp 0x7ffece9f22d0 sp 0x7ffece9f22c8 READ of size 4 at 0x631000010f90 thread T0 #0 0x4d3962 in read\_pointer /home/hjsz/fuzz\_software/binbloom-master/src/helpers.c:67:24 #1 0x4cc0e5 in compute\_candidates /home/hjsz/fuzz\_software/binbloom-master/src/binbloom.c:1134:21 #2 0x4d0131 in find\_base\_address /home/hjsz/fuzz\_software/binbloom-master/src/binbloom.c #3 0x4d2127 in main /home/hjsz/fuzz\_software/binbloom-master/src/binbloom.c:2102:17 #4 0x7f9ffd152082 in \_\_libc\_start\_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16 #5 0x41c3ed in \_start (/home/hjsz/fuzz\_software/binbloom-master/src/binbloom+0x41c3ed)

0x631000010f91 is located 0 bytes to the right of 67473-byte region \[0x631000000800,0x631000010f91) allocated by thread T0 here: #0 0x494b2d in malloc (/home/hjsz/fuzz\_software/binbloom-master/src/binbloom+0x494b2d) #1 0x4cfd95 in find\_base\_address /home/hjsz/fuzz\_software/binbloom-master/src/binbloom.c:1655:39 #2 0x7f9ffd152082 in \_\_libc\_start\_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/hjsz/fuzz\_software/binbloom-master/src/helpers.c:67:24 in read\_pointer Shadow bytes around the buggy address: 0x0c627fffa1a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c627fffa1b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c627fffa1c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c627fffa1d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c627fffa1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c627fffa1f0: 00 00\[01\]fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c627fffa200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c627fffa210: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c627fffa220: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c627fffa230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c627fffa240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==487329==ABORTING

**Crashes and POC**

POC.zip Crashes.zip

CVE-2022-44910: CVE/Reference of Binbloom.md at main · yangfar/CVE

SAP@ Host Agent suffers from a privilege escalation vulnerability.

SAP@ Host Agent Privilege Escalation

Red Hat Security Advisory 2022-8980-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Issues addressed include bypass and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:8980-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8980  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-45403 CVE-2022-45404 CVE-2022-45405  
                   CVE-2022-45406 CVE-2022-45408 CVE-2022-45409  
                   CVE-2022-45410 CVE-2022-45411 CVE-2022-45412  
                   CVE-2022-45416 CVE-2022-45418 CVE-2022-45420  
                   CVE-2022-45421  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.5.0.

Security Fix(es):

* Mozilla: Service Workers might have learned size of cross-origin media  
files (CVE-2022-45403)

* Mozilla: Fullscreen notification bypass (CVE-2022-45404)

* Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)

* Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)

* Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)

* Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)

* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5  
(CVE-2022-45421)

* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie  
policy (CVE-2022-45410)

* Mozilla: Cross-Site Tracing was possible via non-standard override  
headers (CVE-2022-45411)

* Mozilla: Symlinks may resolve to partially uninitialized buffers  
(CVE-2022-45412)

* Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)

* Mozilla: Custom mouse cursor could have been drawn over browser UI  
(CVE-2022-45418)

* Mozilla: Iframe contents could be rendered outside the iframe  
(CVE-2022-45420)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files  
2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass  
2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation  
2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm  
2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName  
2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection  
2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy  
2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers  
2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers  
2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage  
2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI  
2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe  
2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
thunderbird-102.5.0-2.el9_0.src.rpm

aarch64:  
thunderbird-102.5.0-2.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.5.0-2.el9_0.aarch64.rpm  
thunderbird-debugsource-102.5.0-2.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.5.0-2.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.5.0-2.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.5.0-2.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.5.0-2.el9_0.s390x.rpm  
thunderbird-debuginfo-102.5.0-2.el9_0.s390x.rpm  
thunderbird-debugsource-102.5.0-2.el9_0.s390x.rpm

x86_64:  
thunderbird-102.5.0-2.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.5.0-2.el9_0.x86_64.rpm  
thunderbird-debugsource-102.5.0-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45403  
https://access.redhat.com/security/cve/CVE-2022-45404  
https://access.redhat.com/security/cve/CVE-2022-45405  
https://access.redhat.com/security/cve/CVE-2022-45406  
https://access.redhat.com/security/cve/CVE-2022-45408  
https://access.redhat.com/security/cve/CVE-2022-45409  
https://access.redhat.com/security/cve/CVE-2022-45410  
https://access.redhat.com/security/cve/CVE-2022-45411  
https://access.redhat.com/security/cve/CVE-2022-45412  
https://access.redhat.com/security/cve/CVE-2022-45416  
https://access.redhat.com/security/cve/CVE-2022-45418  
https://access.redhat.com/security/cve/CVE-2022-45420  
https://access.redhat.com/security/cve/CVE-2022-45421  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j+B9zjgjWX9erEAQj3MxAAiWxuqulrAKVourDqeqGyo9o0Qzc76EDC  
3hs4YF1bMGfaMToQkBF6JhR5/pSaHb1IqCLHxsOt+NbxhofuM4/NeOEb8mpfAY6z  
oAPnEthjNa5kW468OR+1kIE4Nmwg2mcFb2DFkpt32L18ytdALJMQcZN69YGoepJk  
bDBA+xIfQ8/UyljX15p9jFgbAXhr1sB81obT4pfhakvLs3xwUKWDkdcyDMkcsm5b  
BB44+wcpuO6or+FSFWYeZVXsPSRluWLj5l7JkyWinpYu1WpByUlCutC/3A+3vKFe  
aNw3nxdX5gN/XhZBX/QPyuaD5VPu9kD5Q/w55+A0m+C3EKguRomi/KnV2DtKFD+n  
Gc1EgZZ6sf4LmL9aTUlndsT1h3yrBWqbZY6CYTdg8DC3PobnN7V1QkDvrsderxTR  
VXpXcMt8HODKtuxRW8yuX8ISKWFMw93uP2GRUKIhWsXs6SmJU2fit5cF552W0Qyn  
5S/xUng2NT0HuLXPaJBqY/pvwgzVzx04oERfUVxETwBZwbBVis7mtbA4L9k3qR6U  
WAfbLDCXT9Ka//Jg/qawOs4I7Wmrx016tLiGvr9wgV4F+z/P6mIOy/S5YBFNWC/f  
cjltodNEi7rN9OZ68zqi2/d0tgkb0DedJzChwBH363Kf01C0+oMiw7WsyBArrZIV  
FAfAe/UKfO8=Jv2X  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8980-01

Red Hat Security Advisory 2022-8989-01 - The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2022:8989-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8989  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-1158 CVE-2022-2639  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - ppc64le, x86_64

3. Description:

The kpatch management tool provides a kernel patching infrastructure which  
allows you to patch a running kernel without rebooting or restarting any  
processes.

Security Fix(es):

* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
(CVE-2022-1158)

* kernel: openvswitch: integer underflow leads to out-of-bounds write in  
reserve_sfa_size() (CVE-2022-2639)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:  
kpatch-patch-4_18_0-193_81_1-1-3.el8_2.src.rpm  
kpatch-patch-4_18_0-193_87_1-1-2.el8_2.src.rpm  
kpatch-patch-4_18_0-193_90_1-1-2.el8_2.src.rpm  
kpatch-patch-4_18_0-193_91_1-1-2.el8_2.src.rpm  
kpatch-patch-4_18_0-193_93_1-1-1.el8_2.src.rpm

ppc64le:  
kpatch-patch-4_18_0-193_81_1-1-3.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_81_1-debuginfo-1-3.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_81_1-debugsource-1-3.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_87_1-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_87_1-debuginfo-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_87_1-debugsource-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_90_1-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_90_1-debuginfo-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_90_1-debugsource-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_91_1-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_91_1-debuginfo-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_91_1-debugsource-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_93_1-1-1.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_93_1-debuginfo-1-1.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_93_1-debugsource-1-1.el8_2.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-193_81_1-1-3.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_81_1-debuginfo-1-3.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_81_1-debugsource-1-3.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_87_1-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_87_1-debuginfo-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_87_1-debugsource-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_90_1-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_90_1-debuginfo-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_90_1-debugsource-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_91_1-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_91_1-debuginfo-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_91_1-debugsource-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_93_1-1-1.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_93_1-debuginfo-1-1.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_93_1-debugsource-1-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1158  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j+CtzjgjWX9erEAQjKdQ/+MVCZUFqW0y8DiZavFLaJUEB16u37RH/Y  
r7CWGtd1er6/M73xJyYQ3UV2+lFZLgTFQuTX7rNE7GowwMtAWCHdlP2CuKKXNeEe  
PjPu2gpA5WBL/8ee9rb9CqnB1MoC3sJ+2g2I5YlB/K/QVrrmqiZc9dsh8pN34JBh  
V/ccIbd8KTjWLS8u/VUtkuRzmfwIBRvFdCDliXoOwn60UwLCebu5G4OfW8Wp8NKF  
2GGl9LuprvYUj1eIZQ+eyBxoPD98QqZNQWDgA9peAQQHQtVNyb7xYT+OzrPRit/1  
O53cG/kzG5O8q87IM5bhj7iPuo3Ryag0u46nq8PJuzePV2nqNskaLCrWTsYgdw1x  
r3htiVNBlh9uviLDaPrAzJxPW6Vhnf6OHV67Dj4aNFL7LKmmz9uKQ+0+XceaHeCg  
Fw62qYX/rgtfQiXX0EjYnrnBpJxnmGAiI3ljTZdyg+RMOf5lUQNn3IHaVOhRb6Wo  
Vuf3tm51hh8AiAJutxHkqWeaDBep+sbprWz35oYlxG05U0iDce+krEwCCurgGTbO  
c+WsJtD33sZE10hX+pNL5SLZqLyTsJCp7n2bU6GNoovPZOBG6jxjd8OSJ1hemqgR  
A0G0Bh25jSES7ZY4N5uGh629Z7DmJB3/Rcbvkj8tc+DRTfTNMPfZsQUmHbQJ7SzI  
I5BfjKeO+1k«KV  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8989-01

Red Hat Security Advisory 2022-8978-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: grub2 security and bug fix update  
Advisory ID:       RHSA-2022:8978-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8978  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-2601 CVE-2022-3775  
====================================================================  
1. Summary:

An update for grub2 is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, x86_64

3. Description:

The grub2 packages provide version 2 of the Grand Unified Boot Loader  
(GRUB), a highly configurable and customizable boot loader with modular  
architecture. The packages support a variety of kernel formats, file  
systems, computer architectures, and hardware devices.

Security Fix(es):

* grub2: Buffer overflow in grub_font_construct_glyph() can lead to  
out-of-bound write and possible secure boot bypass (CVE-2022-2601)

* grub2: Heap based out-of-bounds write when redering certain unicode  
sequences (CVE-2022-3775)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Kernel Panic on Milan when enable SEV/SEV-ES with CPU: 1 PID: 1 Comm:  
swapper/0 Not tainted (BZ#2130104)

* [RHEL9.0][SecureBoot][Denali/P10] boot process stops at grub prompt after  
copying the signed grub to prep partition (BZ#2134358)

* RHEL9.0 [MAXconfig]: Denali LPAR crashs while booting MAX config 240c /  
64TB - 192 decimal is the biggest partition min value Linux can handle?  
(BZ#2134434)

* ISST-LTE:[P10]:RPT:After FW update,while activating the lpar dexlp87 went  
to ERROR state with LED B2008105 - 7E sub return code (BZ#2135288)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2112975 - CVE-2022-2601 grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass  
2138880 - CVE-2022-3775 grub2: Heap based out-of-bounds write when redering certain unicode sequences

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
grub2-2.06-27.el9_0.12.src.rpm

aarch64:  
grub2-debuginfo-2.06-27.el9_0.12.aarch64.rpm  
grub2-debugsource-2.06-27.el9_0.12.aarch64.rpm  
grub2-efi-aa64-2.06-27.el9_0.12.aarch64.rpm  
grub2-efi-aa64-cdboot-2.06-27.el9_0.12.aarch64.rpm  
grub2-emu-debuginfo-2.06-27.el9_0.12.aarch64.rpm  
grub2-tools-2.06-27.el9_0.12.aarch64.rpm  
grub2-tools-debuginfo-2.06-27.el9_0.12.aarch64.rpm  
grub2-tools-extra-2.06-27.el9_0.12.aarch64.rpm  
grub2-tools-extra-debuginfo-2.06-27.el9_0.12.aarch64.rpm  
grub2-tools-minimal-2.06-27.el9_0.12.aarch64.rpm  
grub2-tools-minimal-debuginfo-2.06-27.el9_0.12.aarch64.rpm

noarch:  
grub2-common-2.06-27.el9_0.12.noarch.rpm  
grub2-efi-aa64-modules-2.06-27.el9_0.12.noarch.rpm  
grub2-efi-x64-modules-2.06-27.el9_0.12.noarch.rpm  
grub2-pc-modules-2.06-27.el9_0.12.noarch.rpm  
grub2-ppc64le-modules-2.06-27.el9_0.12.noarch.rpm

ppc64le:  
grub2-debuginfo-2.06-27.el9_0.12.ppc64le.rpm  
grub2-debugsource-2.06-27.el9_0.12.ppc64le.rpm  
grub2-ppc64le-2.06-27.el9_0.12.ppc64le.rpm  
grub2-tools-2.06-27.el9_0.12.ppc64le.rpm  
grub2-tools-debuginfo-2.06-27.el9_0.12.ppc64le.rpm  
grub2-tools-extra-2.06-27.el9_0.12.ppc64le.rpm  
grub2-tools-extra-debuginfo-2.06-27.el9_0.12.ppc64le.rpm  
grub2-tools-minimal-2.06-27.el9_0.12.ppc64le.rpm  
grub2-tools-minimal-debuginfo-2.06-27.el9_0.12.ppc64le.rpm

x86_64:  
grub2-debuginfo-2.06-27.el9_0.12.x86_64.rpm  
grub2-debugsource-2.06-27.el9_0.12.x86_64.rpm  
grub2-efi-x64-2.06-27.el9_0.12.x86_64.rpm  
grub2-efi-x64-cdboot-2.06-27.el9_0.12.x86_64.rpm  
grub2-emu-debuginfo-2.06-27.el9_0.12.x86_64.rpm  
grub2-pc-2.06-27.el9_0.12.x86_64.rpm  
grub2-tools-2.06-27.el9_0.12.x86_64.rpm  
grub2-tools-debuginfo-2.06-27.el9_0.12.x86_64.rpm  
grub2-tools-efi-2.06-27.el9_0.12.x86_64.rpm  
grub2-tools-efi-debuginfo-2.06-27.el9_0.12.x86_64.rpm  
grub2-tools-extra-2.06-27.el9_0.12.x86_64.rpm  
grub2-tools-extra-debuginfo-2.06-27.el9_0.12.x86_64.rpm  
grub2-tools-minimal-2.06-27.el9_0.12.x86_64.rpm  
grub2-tools-minimal-debuginfo-2.06-27.el9_0.12.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2601  
https://access.redhat.com/security/cve/CVE-2022-3775  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j9/NzjgjWX9erEAQjbZQ//a/froDILL6ZRBqxuscAjkZrWUPfPWEzw  
m7mLmI0/hIhR5bREv03E0PoLEhRFQrB0eggfcc1lOQGcNCDTazvuUsSaBU1ULUHV  
TVDcoTRPQl/NRnlfGPFvCn9Yz2rWYx9rkeI+rmHD7JBNewYDY1WdA/mmxp9RvV0X  
fxDtwLPfO7PauAe23oCJdmZh1GypZbk3nfS4unkYyu/PLPKiB+MMN/bpAjIqwrML  
xzwc/b/hVmJz3xg5qh+5/2+0P3Oug4hND72JZBYAtbuycCtEHzm29VoNMOOi+P9E  
ApJBiF/V9qyndwFKqi9pyyNtv5naRCcGdYdnUFRaknjF0DKxIsXBs+K1FREtiTDo  
LDXOUuLFe0KYPzY4sD9AMRaikuQWmV5oC0BE7w9bPvuFtXBSttwXkqHJ0D5kt0Da  
PRAXsIfcww0XV91LCui77mrjUPOlIfR0XfxMUrMdde0TJnnTi54DCNM0NJLKmoVV  
83DQqi8Ln1xq+zG78muAgsLCwpB2tL45iyRzD6esZ3VlMbH6sDsOABKNZxJPD+UL  
MCPcvO2ypEBGSH/kppTU/SvKN2ijFPM2ZhV15UX4zI+TcAq1YKoQAdjwAqN39Ksk  
KVRCqno6wJbKREWTijUUM0x7XiLQB+gJ2Z869F6cXxaJ4teY7DprTQQ2xMKbz/lr  
KJfj48QotlU¨i1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux