ALT-BU-2022-4155-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2022-01465
Уязвимость компонента virtio-fs (virtiofsd) эмулятора QEMU, позволяющая нарушителю повысить свои привилегии в системе
Modified: 2025-02-28
CVE-2021-3929
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.
- https://access.redhat.com/security/cve/CVE-2021-3929
- https://access.redhat.com/security/cve/CVE-2021-3929
- https://bugzilla.redhat.com/show_bug.cgi?id=2020298
- https://bugzilla.redhat.com/show_bug.cgi?id=2020298
- https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385
- https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385
- https://gitlab.com/qemu-project/qemu/-/issues/556
- https://gitlab.com/qemu-project/qemu/-/issues/556
- https://gitlab.com/qemu-project/qemu/-/issues/782
- https://gitlab.com/qemu-project/qemu/-/issues/782
- FEDORA-2022-f0a2695054
- FEDORA-2022-f0a2695054
- https://security.netapp.com/advisory/ntap-20250228-0010/
Modified: 2024-11-21
CVE-2021-4158
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
- https://access.redhat.com/security/cve/CVE-2021-4158
- https://access.redhat.com/security/cve/CVE-2021-4158
- https://bugzilla.redhat.com/show_bug.cgi?id=2035002
- https://bugzilla.redhat.com/show_bug.cgi?id=2035002
- https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e
- https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e
- https://gitlab.com/qemu-project/qemu/-/issues/770
- https://gitlab.com/qemu-project/qemu/-/issues/770
- https://www.mail-archive.com/qemu-devel%40nongnu.org/msg857944.html
- https://www.mail-archive.com/qemu-devel%40nongnu.org/msg857944.html
Modified: 2024-11-21
CVE-2022-0358
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
- https://access.redhat.com/security/cve/CVE-2022-0358
- https://access.redhat.com/security/cve/CVE-2022-0358
- https://bugzilla.redhat.com/show_bug.cgi?id=2044863
- https://bugzilla.redhat.com/show_bug.cgi?id=2044863
- https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca
- https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca
- https://security.netapp.com/advisory/ntap-20221007-0008/
- https://security.netapp.com/advisory/ntap-20221007-0008/
Package kernel-image-centos updated to version 5.14.0.70-alt1.el9 for branch sisyphus in task 295916.
Closed vulnerabilities
BDU:2022-00515
Уязвимость ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии
BDU:2022-00737
Уязвимость функции cgroup_release_agent_write (kernel/cgroup/cgroup-v1.c) ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии в системе или вызвать отказ в обслуживании
BDU:2022-02564
Уязвимость реализации сетевого протокола TIPC операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2024-11-21
CVE-2022-0435
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
- https://bugzilla.redhat.com/show_bug.cgi?id=2048738
- https://bugzilla.redhat.com/show_bug.cgi?id=2048738
- https://security.netapp.com/advisory/ntap-20220602-0001/
- https://security.netapp.com/advisory/ntap-20220602-0001/
- https://www.openwall.com/lists/oss-security/2022/02/10/1
- https://www.openwall.com/lists/oss-security/2022/02/10/1
Modified: 2024-11-21
CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
- http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html
- http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html
- http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
- http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
- http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html
- http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2051505
- https://bugzilla.redhat.com/show_bug.cgi?id=2051505
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- https://security.netapp.com/advisory/ntap-20220419-0002/
- https://security.netapp.com/advisory/ntap-20220419-0002/
- DSA-5095
- DSA-5095
- DSA-5096
- DSA-5096
Modified: 2024-11-21
CVE-2022-24122
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9d87929d451d3e649699d0f1d74f71f77ad38f5
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9d87929d451d3e649699d0f1d74f71f77ad38f5
- https://github.com/torvalds/linux/commit/f9d87929d451d3e649699d0f1d74f71f77ad38f5
- https://github.com/torvalds/linux/commit/f9d87929d451d3e649699d0f1d74f71f77ad38f5
- FEDORA-2022-57fd391bf8
- FEDORA-2022-57fd391bf8
- FEDORA-2022-667a5c6e26
- FEDORA-2022-667a5c6e26
- https://security.netapp.com/advisory/ntap-20220221-0001/
- https://security.netapp.com/advisory/ntap-20220221-0001/
- https://www.openwall.com/lists/oss-security/2022/01/29/1
- https://www.openwall.com/lists/oss-security/2022/01/29/1
Package fleet-commander-admin updated to version 0.15.1-alt9 for branch sisyphus in task 294220.
Closed bugs
Сломалась сборка fleet-commander-admin