ALT-PU-2022-1929-1
Package kernel-image-centos updated to version 5.14.0.97-alt1.el9 for branch sisyphus in task 300479.
Closed vulnerabilities
Published: 2022-03-07
BDU:2022-01567
Уязвимость модулей esp4 и esp6 ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-08-05
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-1012
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.
Severity: HIGH (8.2)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2064604
- https://bugzilla.redhat.com/show_bug.cgi?id=2064604
- https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/
- https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/
- https://security.netapp.com/advisory/ntap-20221020-0006/
- https://security.netapp.com/advisory/ntap-20221020-0006/
Published: 2022-03-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-27666
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2061633
- https://bugzilla.redhat.com/show_bug.cgi?id=2061633
- https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645
- https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645
- https://security.netapp.com/advisory/ntap-20220429-0001/
- https://security.netapp.com/advisory/ntap-20220429-0001/
- DSA-5127
- DSA-5127
- DSA-5173
- DSA-5173