Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0213)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0213

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0213)

Resumen: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0213 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0213 advisory.

Vulnerability Insight:
This kernel-linus update is based on upstream 5.15.43 and fixes at least
the following security issues:

A race condition in the perf subsystem allows for a local privilege
escalation. NOTE: Mageia kernels by default has disabled the perf usage
for unprivileged users, effectively rendering this vulnerability harmless
(CVE-2022-1729).

Kernel could allow a remote attacker to bypass security restrictions,
caused by a lockdown break issue. By sending a specially-crafted request
using the kernel debugger, an attacker could exploit this vulnerability
to perform read and write access to kernel memory (CVE-2022-21499).

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel-linus' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-1729
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704
https://www.openwall.com/lists/oss-security/2022/05/20/2
Common Vulnerability Exposure (CVE) ID: CVE-2022-21499
Debian Security Information: DSA-5161 (Google Search)
https://www.debian.org/security/2022/dsa-5161
http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html
https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3463f63726066

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0213
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0213)
Resumen:	The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0213 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0213 advisory. Vulnerability Insight: This kernel-linus update is based on upstream 5.15.43 and fixes at least the following security issues: A race condition in the perf subsystem allows for a local privilege escalation. NOTE: Mageia kernels by default has disabled the perf usage for unprivileged users, effectively rendering this vulnerability harmless (CVE-2022-1729). Kernel could allow a remote attacker to bypass security restrictions, caused by a lockdown break issue. By sending a specially-crafted request using the kernel debugger, an attacker could exploit this vulnerability to perform read and write access to kernel memory (CVE-2022-21499). For other upstream fixes, see the referenced changelogs. Affected Software/OS: 'kernel-linus' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-1729 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704 https://www.openwall.com/lists/oss-security/2022/05/20/2 Common Vulnerability Exposure (CVE) ID: CVE-2022-21499 Debian Security Information: DSA-5161 (Google Search) https://www.debian.org/security/2022/dsa-5161 http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3463f63726066
Copyright	Copyright (C) 2022 Greenbone AG