ALT-PU-2022-2344-1
Package kernel-image-xenomai updated to version 4.19.252-alt1.cip78.23 for branch p10 in task 304731.
Closed vulnerabilities
BDU:2022-02367
Уязвимость ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
BDU:2022-03004
Уязвимость системного вызова PTRACE_SEIZE безопасного режима вычислений seccomp ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
BDU:2022-03059
Уязвимость функции u32_change() счетчика ссылок в компоненте net/sched ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии до уровня root
BDU:2022-03283
Уязвимость функции nft_expr_init программного обеспечения фильтрации пакетов Netfilter ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии до уровня root
BDU:2022-04244
Уязвимость функции bad_flp_intr ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
BDU:2022-04995
Уязвимость функции reserve_sfa_size() модуля openvswitch ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании
BDU:2022-05852
Уязвимость реализации прокси-виртуализированных TPM-устройств ядра операционной системы Linux, позволяющая нарушителю повысить привилегии в системе
BDU:2022-05855
Уязвимость функции em28xx_usb_probe драйвера video4linux ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии
BDU:2023-00629
Уязвимость функции sl_tx_timeout() в модуле drivers/net/slip.c драйвера SLIP ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-4197
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
- https://bugzilla.redhat.com/show_bug.cgi?id=2035652
- https://bugzilla.redhat.com/show_bug.cgi?id=2035652
- https://lore.kernel.org/lkml/20211209214707.805617-1-tj%40kernel.org/T/
- https://lore.kernel.org/lkml/20211209214707.805617-1-tj%40kernel.org/T/
- https://security.netapp.com/advisory/ntap-20220602-0006/
- https://security.netapp.com/advisory/ntap-20220602-0006/
- DSA-5127
- DSA-5127
- DSA-5173
- DSA-5173
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2022-1652
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
- https://bugzilla.redhat.com/show_bug.cgi?id=1832397
- https://bugzilla.redhat.com/show_bug.cgi?id=1832397
- https://francozappa.github.io/about-bias/
- https://francozappa.github.io/about-bias/
- https://kb.cert.org/vuls/id/647177/
- https://kb.cert.org/vuls/id/647177/
- https://security.netapp.com/advisory/ntap-20220722-0002/
- https://security.netapp.com/advisory/ntap-20220722-0002/
- DSA-5173
- DSA-5173
Modified: 2024-11-21
CVE-2022-2639
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Modified: 2024-11-21
CVE-2022-29581
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
- http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
- http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
- http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html
- http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html
- [oss-security] 20220518 CVE-2022-29581: Linux kernel cls_u32 UAF
- [oss-security] 20220518 CVE-2022-29581: Linux kernel cls_u32 UAF
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3db09e762dc79584a69c10d74a6b98f89a9979f8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3db09e762dc79584a69c10d74a6b98f89a9979f8
- https://kernel.dance/#3db09e762dc79584a69c10d74a6b98f89a9979f8
- https://kernel.dance/#3db09e762dc79584a69c10d74a6b98f89a9979f8
- https://security.netapp.com/advisory/ntap-20220629-0005/
- https://security.netapp.com/advisory/ntap-20220629-0005/
- DSA-5173
- DSA-5173
Modified: 2024-11-21
CVE-2022-2977
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f
- https://security.netapp.com/advisory/ntap-20230214-0006/
- https://security.netapp.com/advisory/ntap-20230214-0006/
Modified: 2024-11-21
CVE-2022-30594
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
- http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
- http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
- http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html
- http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2276
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2276
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3
- https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3
- https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3
- [debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update
- [debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update
- https://security.netapp.com/advisory/ntap-20220707-0001/
- https://security.netapp.com/advisory/ntap-20220707-0001/
- DSA-5173
- DSA-5173
Modified: 2024-11-21
CVE-2022-32250
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
- [oss-security] 20220603 Re: Linux Kernel use-after-free write in netfilter
- [oss-security] 20220603 Re: Linux Kernel use-after-free write in netfilter
- [oss-security] 20220604 Re: Linux Kernel use-after-free write in netfilter
- [oss-security] 20220604 Re: Linux Kernel use-after-free write in netfilter
- [oss-security] 20220620 Re: Linux Kernel use-after-free write in netfilter
- [oss-security] 20220620 Re: Linux Kernel use-after-free write in netfilter
- [oss-security] 20220703 Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?
- [oss-security] 20220703 Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?
- [oss-security] 20220703 Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?
- [oss-security] 20220703 Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?
- [oss-security] 20220825 Re: Linux Kernel use-after-free write in netfilter
- [oss-security] 20220825 Re: Linux Kernel use-after-free write in netfilter
- [oss-security] 20220902 Re: Linux Kernel use-after-free write in netfilter
- [oss-security] 20220902 Re: Linux Kernel use-after-free write in netfilter
- https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
- https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
- https://bugzilla.redhat.com/show_bug.cgi?id=2092427
- https://bugzilla.redhat.com/show_bug.cgi?id=2092427
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd
- https://github.com/theori-io/CVE-2022-32250-exploit
- https://github.com/theori-io/CVE-2022-32250-exploit
- [debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update
- [debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/
- https://security.netapp.com/advisory/ntap-20220715-0005/
- https://security.netapp.com/advisory/ntap-20220715-0005/
- https://www.debian.org/security/2022/dsa-5161
- https://www.debian.org/security/2022/dsa-5161
- DSA-5173
- DSA-5173
- https://www.openwall.com/lists/oss-security/2022/05/31/1
- https://www.openwall.com/lists/oss-security/2022/05/31/1
Modified: 2024-11-21
CVE-2022-3239
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c08eadca1bdfa099e20a32f8fa4b52b2f672236d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c08eadca1bdfa099e20a32f8fa4b52b2f672236d
- https://security.netapp.com/advisory/ntap-20230214-0006/
- https://security.netapp.com/advisory/ntap-20230214-0006/
Modified: 2024-11-21
CVE-2022-41858
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.