ALT Linux Team

Package kernel-image-centos update in sisyphus on 2022-08-08

ALT-PU-2022-2363-1

Package kernel-image-centos updated to version 5.14.0.143-alt1.el9 for branch sisyphus in task 304971.

Closed vulnerabilities

Published: 2022-07-15
Modified: 2024-09-30

BDU:2022-04387

Уязвимость микропрограммного обеспечения процессоров Intel и AMD, позволяющая нарушителю раскрыть защищаемую информацию из памяти ядра или осуществить атаку на хост-систему из виртуальных машин

Severity: MEDIUM (6.5) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N
References:
Published: 2022-07-15
Modified: 2025-02-11

BDU:2022-04388

Уязвимость микропрограммного обеспечения процессоров Intel и AMD, позволяющая нарушителю раскрыть защищаемую информацию из памяти ядра или осуществить атаку на хост-систему из виртуальных машин

Severity: MEDIUM (5.6) Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: LOW (3.8) Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N
References:
Published: 2023-03-23
Modified: 2025-04-29

BDU:2023-01494

Уязвимость микропрограммного обеспечения процессоров AMD, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (6.5) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N
References:
Published: 2023-01-17
Modified: 2023-11-07

CVE-2022-23816

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

Published: 2022-07-14
Modified: 2024-11-21

CVE-2022-23825

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2022-07-12
Modified: 2024-11-21

CVE-2022-29900

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2022-07-12
Modified: 2024-11-21

CVE-2022-29901

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top