Test ID: | 1.3.6.1.4.1.25623.1.1.10.2022.0122 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2022-0122) |
Summary: | The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0122 advisory. |
Description: |
Summary: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0122 advisory.

Vulnerability Insight: This kernel-linus update is based on upstream 5.15.32 and fixes at least the following security issues:

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel's watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system (CVE-2022-0995).

A use-after-free flaw was found in the Linux kernel FUSE filesystem in the way a user triggers write(). A local user could use this flaw to gain unauthorized access to some data from the FUSE filesystem and, as a result, potentially escalate privileges (CVE-2022-1011).

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue (CVE-2022-1015).

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c: nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker (CVE-2022-1016).

A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2022-1048).

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c has EVT_TRANSACTION buffer overflows because of untrusted length parameters (CVE-2022-26490).

There is a buffer overflow in ESP transformation in net/ipv4/esp4.c and net/ipv6/esp6.c via a large message. In some configurations, local users can gain privileges by overwriting kernel heap objects (CVE-2022-27666).

A refcount leak bug was found in net/llc/af_llc.c (CVE-2022-28356).

For other upstream fixes, see the referenced changelogs.

Affected Software/OS: 'kernel-linus' package(s) on Mageia 8.

Solution: Please install the updated package(s).

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-0995
http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html
http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html
https://bugzilla.redhat.com/show_bug.cgi?id=2063786
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb

Common Vulnerability Exposure (CVE) ID: CVE-2022-1011
Debian Security Information: DSA-5173
https://www.debian.org/security/2022/dsa-5173
https://bugzilla.redhat.com/show_bug.cgi?id=2064855
https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Common Vulnerability Exposure (CVE) ID: CVE-2022-1015
http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/
https://bugzilla.redhat.com/show_bug.cgi?id=2065323
https://seclists.org/oss-sec/2022/q1/205
http://www.openwall.com/lists/oss-security/2022/08/25/2
http://www.openwall.com/lists/oss-security/2023/01/13/2
http://www.openwall.com/lists/oss-security/2023/02/23/1

Common Vulnerability Exposure (CVE) ID: CVE-2022-1016
https://access.redhat.com/security/cve/CVE-2022-1016
https://bugzilla.redhat.com/show_bug.cgi?id=2066614

Common Vulnerability Exposure (CVE) ID: CVE-2022-1048
Debian Security Information: DSA-5127
https://www.debian.org/security/2022/dsa-5127
https://bugzilla.redhat.com/show_bug.cgi?id=2066706
https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai@suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3

Common Vulnerability Exposure (CVE) ID: CVE-2022-26490
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BG4J46EMFPDD5QHYXDUI3PJCZQ7HQAZR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT/
https://github.com/torvalds/linux/commit/4fbcc1a4cb20fe26ad0225679c536c80f1648221

Common Vulnerability Exposure (CVE) ID: CVE-2022-27666
https://bugzilla.redhat.com/show_bug.cgi?id=2061633
https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645

Common Vulnerability Exposure (CVE) ID: CVE-2022-28356
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1
https://github.com/torvalds/linux/commit/764f4eb6846f5475f1244767d24d25dd86528a4a
http://www.openwall.com/lists/oss-security/2022/04/06/1 |
Copyright | Copyright (C) 2022 Greenbone AG |