Test ID: 1.3.6.1.4.1.25623.1.1.10.2022.0155
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2022-0155)
Summary: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0155 advisory.
Description:

Vulnerability Insight:
This kernel-linus update is based on upstream 5.15.35 and fixes at least the
following security issues:

A denial of service (DoS) issue was found in the Linux kernel's
smb2_ioctl_query_info function in fs/cifs/smb2ops.c (Common Internet
File System, CIFS) due to an incorrect return from the memdup_user function.
This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the
system (CVE-2022-0168).

x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region
(CVE-2022-1158).

Use-after-free vulnerabilities in drivers/net/hamradio/6pack.c allow an
attacker to crash the Linux kernel by simulating Amateur Radio from user space
(CVE-2022-1198).

A use-after-free flaw was found in the Linux kernel's Amateur Radio AX.25
protocol functionality in the way a user connects with the protocol. This
flaw allows a local user to crash the system (CVE-2022-1204).

A NULL pointer dereference flaw was found in the Linux kernel's Amateur
Radio AX.25 protocol functionality in the way a user connects with the
protocol. This flaw allows a local user to crash the system
(CVE-2022-1205).

A null pointer dereference was found in the kvm module which can lead to
denial of service (CVE-2022-1263).

A vulnerability was found in the pfkey_register function in net/key/af_key.c
in the Linux kernel. This flaw allows a local, unprivileged user to gain
access to kernel memory, leading to a system crash or a leak of internal
kernel information (CVE-2022-1353).

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel
through 5.17.1 has a double free (CVE-2022-28388).

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel
through 5.17.1 has a double free (CVE-2022-28389).

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel
through 5.17.1 has a double free (CVE-2022-28390).

In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due
to a race condition in io_uring timeouts. This can be triggered by a local
user who has no access to any user namespace (CVE-2022-29582).

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel-linus' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2022-0168
https://access.redhat.com/security/cve/CVE-2022-0168
https://bugzilla.redhat.com/show_bug.cgi?id=2037386
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880
Common Vulnerability Exposure (CVE) ID: CVE-2022-1158
https://bugzilla.redhat.com/show_bug.cgi?id=2069793
https://www.openwall.com/lists/oss-security/2022/04/08/4
Common Vulnerability Exposure (CVE) ID: CVE-2022-1198
https://access.redhat.com/security/cve/CVE-2022-1198
https://bugzilla.redhat.com/show_bug.cgi?id=2070689
https://github.com/torvalds/linux/commit/efe4186e6a1b54bf38b9e05450d43b0da1fd7739
https://www.openwall.com/lists/oss-security/2022/04/02/3
Common Vulnerability Exposure (CVE) ID: CVE-2022-1204
https://access.redhat.com/security/cve/CVE-2022-1204
https://bugzilla.redhat.com/show_bug.cgi?id=2071051
https://security-tracker.debian.org/tracker/CVE-2022-1204
https://www.openwall.com/lists/oss-security/2022/04/02/2
Common Vulnerability Exposure (CVE) ID: CVE-2022-1205
https://access.redhat.com/security/cve/CVE-2022-1205
https://bugzilla.redhat.com/show_bug.cgi?id=2071047
https://github.com/torvalds/linux/commit/82e31755e55fbcea6a9dfaae5fe4860ade17cbc0
https://github.com/torvalds/linux/commit/fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009
https://www.openwall.com/lists/oss-security/2022/04/02/4
Common Vulnerability Exposure (CVE) ID: CVE-2022-1263
https://access.redhat.com/security/cve/CVE-2022-1263
https://bugzilla.redhat.com/show_bug.cgi?id=2072698
https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4
https://www.openwall.com/lists/oss-security/2022/04/07/1
Common Vulnerability Exposure (CVE) ID: CVE-2022-1353
Debian Security Information: DSA-5127
https://www.debian.org/security/2022/dsa-5127
Debian Security Information: DSA-5173
https://www.debian.org/security/2022/dsa-5173
https://bugzilla.redhat.com/show_bug.cgi?id=2066819
https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-28388
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/
https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2
Common Vulnerability Exposure (CVE) ID: CVE-2022-28389
https://github.com/torvalds/linux/commit/04c9b00ba83594a29813d6b1fb8fdc93a3915174
Common Vulnerability Exposure (CVE) ID: CVE-2022-28390
https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646
Common Vulnerability Exposure (CVE) ID: CVE-2022-29582
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.3
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e677edbcabee849bfdd43f1602bccbecf736a646
https://github.com/Ruia-ruia/CVE-2022-29582-Exploit
https://github.com/torvalds/linux/commit/e677edbcabee849bfdd43f1602bccbecf736a646
https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/
https://www.openwall.com/lists/oss-security/2022/04/22/3
http://www.openwall.com/lists/oss-security/2022/04/22/4
http://www.openwall.com/lists/oss-security/2022/08/08/3
http://www.openwall.com/lists/oss-security/2024/04/24/3
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.