| Description: | Summary:
The remote host is missing an update for the 'bpftool'
package(s) announced via the CESA-2022:0620 advisory.
Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: use after free in eventpoll.c may lead to escalation of privilege
(CVE-2020-0466)
* kernel: Use After Free in unix_gc() which could result in a local
privilege escalation (CVE-2021-0920)
* kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
(CVE-2021-4155)
* kernel: possible privileges escalation due to missing TLB flush
(CVE-2022-0330)
* kernel: failing usercopy allows for use-after-free exploitation
(CVE-2022-22942)
* kernel: out of bounds write in hid-multitouch.c may lead to escalation of
privilege (CVE-2020-0465)
* kernel: double free in bluetooth subsystem when the HCI device
initialization fails (CVE-2021-3564)
* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)
* kernel: possible use-after-free in bluetooth module (CVE-2021-3752)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Kernel with enabled BERT does not decode CPU fatal events correctly
(BZ#1950302)
* RHEL 7.9 - Call trace seen during controller random reset on IB config
(BZ#1984070)
* Infinite loop in blk_set_queue_dying() from blk_queue_for_each_rl() when
another CPU races and modifies the queue's blkg_list (BZ#2029574)
* NFS client kernel crash in NFS4 backchannel transmit path -
ftrace_raw_event_rpc_task_queued called from rpc_run_bc_task (BZ#2039508)
* SELinux is preventing / from mount access on the filesystem /proc
(BZ#2040196)
Affected Software/OS:
'bpftool' package(s) on CentOS 7.
Solution:
Please install the updated package(s).
CVSS Score:
7.9
CVSS Vector:
AV:A/AC:M/Au:N/C:C/I:C/A:C
|
