安全公告详情

NS-SA-2022-0047

2022-05-08 20:30:58

简介

important: kernel security update

严重级别

important

主题

An update for kernel is now available for NewStart CGSL MAIN 5.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

kernel: This package contains the development files for the tools/ directory from the kernel source.


Security Fix(es):
kernel: A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32 bit processes on 64 bit systems. This flaw will allow local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges.(CVE-2021-22555)
kernel: A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-32399)
kernel: A flaw was found on the Linux kernel. On the PowerPC platform, the KVM guest allows the OS users to cause host OS memory corruption via rtas_args.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-37576)
kernel: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F14CP1B2.

影响组件

  • kernel

影响产品

  • CGSL MAIN 5.05

更新包

{"fix":[{"product":"CGSL MAIN 5.05","pkgs":[{"binary":["kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.noarch.rpm","python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-debug-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","python-perf-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","perf-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","bpftool-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.x86_64.rpm","kernel-doc-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.noarch.rpm"],"source":"kernel-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603.src.rpm"}]}]}

CVE

参考