ALT-PU-2022-3285-1
Package kernel-image-std-kvm updated to version 5.10.157-alt1 for branch sisyphus in task 311280.
Closed vulnerabilities
BDU:2022-07505
Уязвимость драйвера беспроводной сети WILC1000 ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2022-07506
Уязвимость драйвера беспроводной сети WILC1000 ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2022-07508
Уязвимость драйвера беспроводной сети WILC1000 ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2023-00061
Уязвимость драйвера GPU i915 ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании
BDU:2023-00159
Уязвимость компонента fs/io_uring.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-4139
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.
- https://bugzilla.redhat.com/show_bug.cgi?id=2147572
- https://bugzilla.redhat.com/show_bug.cgi?id=2147572
- https://security.netapp.com/advisory/ntap-20230309-0004/
- https://security.netapp.com/advisory/ntap-20230309-0004/
- https://www.openwall.com/lists/oss-security/2022/11/30/1
- https://www.openwall.com/lists/oss-security/2022/11/30/1
Modified: 2024-11-21
CVE-2022-47518
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.
- https://github.com/torvalds/linux/commit/0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0
- https://github.com/torvalds/linux/commit/0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0
- [debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update
- [debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update
- https://lore.kernel.org/r/20221123153543.8568-5-philipturnbull%40github.com
- https://lore.kernel.org/r/20221123153543.8568-5-philipturnbull%40github.com
- https://security.netapp.com/advisory/ntap-20230113-0007/
- https://security.netapp.com/advisory/ntap-20230113-0007/
Modified: 2024-11-21
CVE-2022-47519
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.
- https://github.com/torvalds/linux/commit/051ae669e4505abbe05165bebf6be7922de11f41
- https://github.com/torvalds/linux/commit/051ae669e4505abbe05165bebf6be7922de11f41
- [debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update
- [debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update
- https://lore.kernel.org/r/20221123153543.8568-3-philipturnbull%40github.com
- https://lore.kernel.org/r/20221123153543.8568-3-philipturnbull%40github.com
- https://security.netapp.com/advisory/ntap-20230113-0007/
- https://security.netapp.com/advisory/ntap-20230113-0007/
Modified: 2024-11-21
CVE-2022-47521
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.
- https://github.com/torvalds/linux/commit/f9b62f9843c7b0afdaecabbcebf1dbba18599408
- https://github.com/torvalds/linux/commit/f9b62f9843c7b0afdaecabbcebf1dbba18599408
- [debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update
- [debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update
- https://lore.kernel.org/r/20221123153543.8568-4-philipturnbull%40github.com
- https://lore.kernel.org/r/20221123153543.8568-4-philipturnbull%40github.com
- https://security.netapp.com/advisory/ntap-20230113-0007/
- https://security.netapp.com/advisory/ntap-20230113-0007/
Modified: 2024-11-21
CVE-2022-47946
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.
- [oss-security] 20221227 Re: Linux kernel: use-after-free in io_sqpoll_wait_sq
- [oss-security] 20221227 Re: Linux kernel: use-after-free in io_sqpoll_wait_sq
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161&id=0f544353fec8e717d37724d95b92538e1de79e86
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161&id=0f544353fec8e717d37724d95b92538e1de79e86
- https://www.openwall.com/lists/oss-security/2022/12/22/2
- https://www.openwall.com/lists/oss-security/2022/12/22/2