Branch c9f2 update bulletin.

Package libvncserver updated to version 0.9.13-alt3 for branch c9f2 in task 309027.

Published: 2022-09-03
Modified: 2024-11-21

CVE-2020-29260

libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package kernel-image-std-def updated to version 5.10.150-alt0.c9f.2 for branch c9f2 in task 309036.

Published: 2022-10-10

BDU:2022-06272

Уязвимость функции cfg80211_update_notlisted_nontrans файла net/wireless/scan.c ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.3) Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References:

CVE-2022-41674

Published: 2022-10-10

BDU:2022-06273

Уязвимость функционала подсчета ссылок в режиме BSS (Basic Service Set) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.3) Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References:

CVE-2022-42720

Published: 2022-10-10

BDU:2022-06274

Уязвимость ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.3) Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References:

CVE-2022-42719

Published: 2021-10-17

BDU:2022-06620

Уязвимость функции del_timer компонента drivers/isdn/mISDN/l1oip_core.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.0) Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2022-3565

Published: 2022-10-26

BDU:2022-07349

Уязвимость драйвера drivers/usb/mon/mon_bin.c ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2022-43750

Published: 2022-10-11

BDU:2023-00631

Уязвимость функции nilfs_new_inode компонента BPF ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2022-3649

Published: 2022-08-24
Modified: 2024-11-21

CVE-2022-2978

A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2022-10-17
Modified: 2024-11-21

CVE-2022-3565

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2022-10-21
Modified: 2024-11-21

CVE-2022-3649

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2022-10-14
Modified: 2024-11-21

CVE-2022-41674

An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2022-10-14
Modified: 2024-11-21

CVE-2022-42719

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2022-10-14
Modified: 2024-11-21

CVE-2022-42720

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2022-10-26
Modified: 2024-11-21

CVE-2022-43750

drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.

Severity: MEDIUM (6.7) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References:

Модуль amdgpu собран без поддержки видеокарт Southern Islands

Version: 2.1.0

Branch c9f2 update on 2022-11-01

ALT-BU-2022-6846-1

ALT-PU-2022-2962-1

Closed vulnerabilities

CVE-2020-29260

ALT-PU-2022-2965-1

Closed vulnerabilities

BDU:2022-06272

BDU:2022-06273

BDU:2022-06274

BDU:2022-06620

BDU:2022-07349

BDU:2023-00631

CVE-2022-2978

CVE-2022-3565

CVE-2022-3649

CVE-2022-41674

CVE-2022-42719

CVE-2022-42720

CVE-2022-43750

Closed bugs

Bug #43916