ALT-PU-2022-1239-1
Package kernel-image-mp updated to version 5.16.8-alt1 for branch sisyphus in task 295198.
Closed vulnerabilities
BDU:2022-00515
Уязвимость ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии
BDU:2022-00737
Уязвимость функции cgroup_release_agent_write (kernel/cgroup/cgroup-v1.c) ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии в системе или вызвать отказ в обслуживании
BDU:2022-00790
Уязвимость реализации функции nfs_atomic_open() ядра операционных систем Linux, позволяющая нарушителю оказать влияние на конфиденциальность данных
BDU:2022-00823
Уязвимость компонента drivers/usb/gadget/legacy/inode.c ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-00833
Уязвимость компонента drivers/usb/gadget/legacy/inode.c ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01597
Уязвимость компонента watch_queue ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код с привилегиями root
BDU:2022-03863
Уязвимость реализации функции copy_info_records_to_user() ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
- http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html
- http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html
- http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
- http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
- http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html
- http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2051505
- https://bugzilla.redhat.com/show_bug.cgi?id=2051505
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- https://security.netapp.com/advisory/ntap-20220419-0002/
- https://security.netapp.com/advisory/ntap-20220419-0002/
- DSA-5095
- DSA-5095
- DSA-5096
- DSA-5096
Modified: 2024-11-21
CVE-2022-0995
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
- http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html
- http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html
- http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html
- http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2063786
- https://bugzilla.redhat.com/show_bug.cgi?id=2063786
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb
- https://security.netapp.com/advisory/ntap-20220429-0001/
- https://security.netapp.com/advisory/ntap-20220429-0001/
Modified: 2024-11-21
CVE-2022-1998
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/notify/fanotify/fanotify_user.c?h=v5.17&id=ee12595147ac1fbfb5bcb23837e26dd58d94b15d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/notify/fanotify/fanotify_user.c?h=v5.17&id=ee12595147ac1fbfb5bcb23837e26dd58d94b15d
- https://seclists.org/oss-sec/2022/q1/99
- https://seclists.org/oss-sec/2022/q1/99
- https://security.netapp.com/advisory/ntap-20220707-0009/
- https://security.netapp.com/advisory/ntap-20220707-0009/
Modified: 2024-11-21
CVE-2022-24122
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9d87929d451d3e649699d0f1d74f71f77ad38f5
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9d87929d451d3e649699d0f1d74f71f77ad38f5
- https://github.com/torvalds/linux/commit/f9d87929d451d3e649699d0f1d74f71f77ad38f5
- https://github.com/torvalds/linux/commit/f9d87929d451d3e649699d0f1d74f71f77ad38f5
- FEDORA-2022-57fd391bf8
- FEDORA-2022-57fd391bf8
- FEDORA-2022-667a5c6e26
- FEDORA-2022-667a5c6e26
- https://security.netapp.com/advisory/ntap-20220221-0001/
- https://security.netapp.com/advisory/ntap-20220221-0001/
- https://www.openwall.com/lists/oss-security/2022/01/29/1
- https://www.openwall.com/lists/oss-security/2022/01/29/1
Modified: 2024-11-21
CVE-2022-24448
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf
- https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a
- https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a
- https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf
- https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a%40huawei.com/T/
- https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a%40huawei.com/T/
- DSA-5092
- DSA-5092
- DSA-5096
- DSA-5096
- https://www.spinics.net/lists/stable/msg531976.html
- https://www.spinics.net/lists/stable/msg531976.html
Modified: 2024-11-21
CVE-2022-24958
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda
- https://github.com/torvalds/linux/commit/501e38a5531efbd77d5c73c0ba838a889bfc1d74
- https://github.com/torvalds/linux/commit/501e38a5531efbd77d5c73c0ba838a889bfc1d74
- https://github.com/torvalds/linux/commit/89f3594d0de58e8a57d92d497dea9fee3d4b9cda
- https://github.com/torvalds/linux/commit/89f3594d0de58e8a57d92d497dea9fee3d4b9cda
- [debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update
- [debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update
- FEDORA-2022-2aa7c08b53
- FEDORA-2022-2aa7c08b53
- FEDORA-2022-9d4e48836d
- FEDORA-2022-9d4e48836d
- https://security.netapp.com/advisory/ntap-20220225-0008/
- https://security.netapp.com/advisory/ntap-20220225-0008/
Modified: 2024-11-21
CVE-2022-24959
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
- https://github.com/torvalds/linux/commit/29eb31542787e1019208a2e1047bb7c76c069536
- https://github.com/torvalds/linux/commit/29eb31542787e1019208a2e1047bb7c76c069536
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
- DSA-5092
- DSA-5092
- DSA-5096
- DSA-5096
Modified: 2024-11-21
CVE-2022-2938
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848
- https://security.netapp.com/advisory/ntap-20221223-0002/
- https://security.netapp.com/advisory/ntap-20221223-0002/