English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.10.2022.0092
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2022-0092)
Resumen:The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2022-0092 advisory.
Descripción:Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2022-0092 advisory.

Vulnerability Insight:
This kernel update is based on upstream 5.15.25 and fixes at least the
following security issues:

A vulnerability in the Linux kernel since version 5.8 due to uninitialized
variables. It enables anybody to write arbitrary data to arbitrary files,
even if the file is O_RDONLY, immutable or on a MS_RDONLY filesystem.
It can be used to inject code into arbitrary processes (CVE-2022-0847).

An issue was discovered in drivers/usb/gadget/composite.c in the Linux
kernel before 5.16.10. The USB Gadget subsystem lacks certain validation
of interface OS descriptor requests (ones with a large array index and
ones associated with NULL function pointer retrieval). Memory corruption
might occur (CVE-2022-25258).

An issue was discovered in drivers/usb/gadget/function/rndis.c in the
Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of
the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive
information from kernel memory (CVE-2022-25375).

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10
allows local users to gain privileges because of a heap out-of-bounds
write. This is related to nf_tables_offload (CVE-2022-25636).

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-0847
http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html
http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html
http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html
https://www.suse.com/support/kb/doc/?id=000020603
https://bugzilla.redhat.com/show_bug.cgi?id=2060795
https://dirtypipe.cm4all.com/
Common Vulnerability Exposure (CVE) ID: CVE-2022-25258
Debian Security Information: DSA-5092 (Google Search)
https://www.debian.org/security/2022/dsa-5092
Debian Security Information: DSA-5096 (Google Search)
https://www.debian.org/security/2022/dsa-5096
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCW2KZYJ2H6BKZE3CVLHRIXYDGNYYC5P/
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10
https://github.com/szymonh/d-os-descriptor
https://github.com/torvalds/linux/commit/75e5b4849b81e19e9efe1654b30d7f3151c33c2c
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-25375
https://github.com/szymonh/rndis-co
https://github.com/torvalds/linux/commit/38ea1eac7d88072bbffb630e2b3db83ca649b826
http://www.openwall.com/lists/oss-security/2022/02/21/1
Common Vulnerability Exposure (CVE) ID: CVE-2022-25636
https://security.netapp.com/advisory/ntap-20220325-0002/
Debian Security Information: DSA-5095 (Google Search)
https://www.debian.org/security/2022/dsa-5095
http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6
https://github.com/Bonfee/CVE-2022-25636
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
https://www.openwall.com/lists/oss-security/2022/02/21/2
https://www.oracle.com/security-alerts/cpujul2022.html
http://www.openwall.com/lists/oss-security/2022/02/22/1
CopyrightCopyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.