ALT-PU-2022-3066-1
Package kernel-image-centos updated to version 5.14.0.192-alt1.el9 for branch sisyphus in task 309868.
Closed vulnerabilities
BDU:2022-07365
Уязвимость подсистемы XFRM ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код, вызвать отказ в обслуживании или оказать другое воздействие на систему
BDU:2023-00454
Уязвимость межсетевого экрана ядра операционной системы Linux, позволяющая нарушителю обойти межсетевой экран.
BDU:2023-01301
Уязвимость подсистемы управления памятью ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, выполнить произвольный код
Modified: 2024-11-21
CVE-2022-2663
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
- https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663
- https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663
- [debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update
- [debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/
- https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/
- DSA-5257
- DSA-5257
- https://www.openwall.com/lists/oss-security/2022/08/30/1
- https://www.openwall.com/lists/oss-security/2022/08/30/1
- https://www.youtube.com/watch?v=WIq-YgQuYCA
- https://www.youtube.com/watch?v=WIq-YgQuYCA
Modified: 2024-11-21
CVE-2022-3028
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
- https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5
- https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5
- [debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update
- [debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- FEDORA-2022-6835ddb6d8
- FEDORA-2022-6835ddb6d8
- FEDORA-2022-35c14ba5bb
- FEDORA-2022-35c14ba5bb
- FEDORA-2022-ccb0138bb6
- FEDORA-2022-ccb0138bb6
- https://lore.kernel.org/all/YtoWqEkKzvimzWS5%40gondor.apana.org.au/T/
- https://lore.kernel.org/all/YtoWqEkKzvimzWS5%40gondor.apana.org.au/T/
- https://security.netapp.com/advisory/ntap-20230214-0004/
- https://security.netapp.com/advisory/ntap-20230214-0004/
Modified: 2024-11-21
CVE-2022-42703
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2351
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2351
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.7
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.7
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2555283eb40df89945557273121e9393ef9b542b
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2555283eb40df89945557273121e9393ef9b542b
- https://github.com/torvalds/linux/commit/2555283eb40df89945557273121e9393ef9b542b
- https://github.com/torvalds/linux/commit/2555283eb40df89945557273121e9393ef9b542b
- https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html
- https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html