English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.10.2022.0062
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2022-0062)
Summary:The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2022-0062 advisory.
Description:Summary:
The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2022-0062 advisory.

Vulnerability Insight:
This kernel update is based on upstream 5.15.23 and fixes at least the
following security issues:

A stack overflow flaw was found in the Linux kernel TIPC protocol
functionality in the way a user sends a packet with malicious content
where the number of domain member nodes is higher than the 64 allowed.
This flaw allows a remote user to crash the system or possibly escalate
their privileges if they have access to the TIPC network (CVE-2022-0435).

A vulnerability was found in the Linux kernel cgroup_release_agent_write
in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain
circumstances, allows the use of the cgroups v1 release_agent feature to
escalate privileges and bypass the namespace isolation unexpectedly
(CVE-2022-0492).

An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5.
If an application sets the O_DIRECTORY flag, and tries to open a regular
file, nfs_atomic_open() performs a regular lookup. If a regular file is
found, ENOTDIR should occur, but the server instead returns uninitialized
data in the file descriptor (CVE-2022-24448).

Other fixes in this update:
- enable several missed MediaTek wifi drivers (mga#29965)

For other upstream fixes, see the referenced changelogs.

Affected Software/OS:
'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2022-0435
https://security.netapp.com/advisory/ntap-20220602-0001/
https://bugzilla.redhat.com/show_bug.cgi?id=2048738
https://www.openwall.com/lists/oss-security/2022/02/10/1
Common Vulnerability Exposure (CVE) ID: CVE-2022-0492
Debian Security Information: DSA-5095 (Google Search)
https://www.debian.org/security/2022/dsa-5095
Debian Security Information: DSA-5096 (Google Search)
https://www.debian.org/security/2022/dsa-5096
http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html
http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html
https://bugzilla.redhat.com/show_bug.cgi?id=2051505
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-24448
Debian Security Information: DSA-5092 (Google Search)
https://www.debian.org/security/2022/dsa-5092
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf
https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a
https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf
https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a@huawei.com/T/
https://www.spinics.net/lists/stable/msg531976.html
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.