Security Advisory Details

NS-SA-2023-0083

2023-05-30 09:08:34

Summary

important: kernel/pixman security update

Severity

important

Topic

An update for kernel/pixman is now available for NewStart CGSL MAIN 6.06.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

kernel: This package contains the bpftool, which allows inspection and simple manipulation of eBPF programs and maps.
pixman: Pixman is a pixel manipulation library for X and Cairo.


Security Fix(es):
kernel: This entry is a duplicate of CVE-2022-2078, so please consider CVE-2022-2078 instead. https://access.redhat.com/security/cve/CVE-2022-2078 (CVE-2022-1972)
kernel: A buffer overflow flaw was found in the u8 overflow in cfg80211_update_notlisted_nontrans() in net/wireless/scan.c in the Linux kernel’s wifi subcomponent. This flaw allows an attacker to crash the system or leak internal kernel information.(CVE-2022-41674)
kernel: A use-after-free flaw was found in ieee802_11_parse_elems_full in the net/mac80211/util.c function in the multi-BSSID element. This issue occurs while parsing in the Linux kernel.(CVE-2022-42719)
kernel: An out-of-bounds write flaw was found in the Linux kernel's console driver functionality in the way a user triggers the ioctl PIO_FONT with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2021-33656)
kernel: A race condition was found in the Linux kernel's watch queue due to a missing lock in the pipe_resize_ring(). The race condition occurs when a thread uses ioctl(IOC_WATCH_QUEUE_SET_SIZE) to resize the pipe buffer and free the old pipe buffer, while another thread uses keyctl() to trigger a notification in the watch queue, calling post_one_notification() and accessing the freed pipe buffer. This flaw allows a local user to crash the system or escalate their privileges on the system.(CVE-2022-2959)
kernel: There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.(CVE-2022-1975)
kernel: A use-after-free flaw was found in the Linux kernel's POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-2585)
kernel: A use-after-free flaw was found in the Linux kernel's NILFS file system in the way a user triggers the security_inode_alloc function to fail with the following call to the nilfs_mdt_destroy function. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-2978)
kernel: A use-after-free flaw was found in io_uring in the Linux kernel. This flaw allows a local user to trigger the issue if a signalfd or binder fd is polled with the io_uring poll due to a lack of io_uring POLLFREE handling.(CVE-2022-3176)
kernel: A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.(CVE-2022-0500)
kernel: A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.(CVE-2022-3028)
kernel: A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.(CVE-2022-29900)
kernel: A vulnerability was found in follow_page_pte in mm/gup.c in the Linux Kernel. This issue occurs due to a race problem which can poison the page table entry and cause a denial-of-service.(CVE-2022-3623)
kernel: A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.(CVE-2022-2153)
kernel: A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). An error while resolving policies in xfrm_bundle_lookup causes the refcount to drop twice, leading to a possible crash and a denial of service.(CVE-2022-36879)
kernel: Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-33742)
kernel: A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.(CVE-2022-3169)
kernel: An incomplete cleanup flaw was found in the Linux kernel's Xen networking XDP (eXpress Data Path) subsystem. This flaw allows a local user to crash the system.(CVE-2022-33743)
kernel: A use-after-free flaw was found in the Linux kernel's io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.(CVE-2022-1786)
kernel: A flaw was found in the NILFS2 file system implementation in the Linux kernel. If the beginning of the inode bitmap area was corrupted on disk, an inode with the same inode number as the root inode could be allocated and fail soon after. The subsequent call to nilfs_clear_inode() wrongly decremented the reference counter of struct nilfs_root, leading to a use-after-free issue. A user permitted to mount arbitrary file system images could use this flaw to cause a denial of service.(CVE-2022-3649)
kernel: A flaw was found in P2P-Device in wifi in ieee80211_rx_h_decrypt in net/mac80211/rx.c in the Linux kernel, leading to a denial of service.(CVE-2022-42722)
kernel: An out-of-bounds memory write flaw in the Linux kernel’s USB Monitor component was found in how a user with access to the /dev/usbmon can trigger it by an incorrect write to the memory of the usbmon. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-43750)
kernel: An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.(CVE-2022-32981)
kernel: A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.(CVE-2022-0494)
kernel: Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-33744)
kernel: A flaw was found in the kernel/debug/debug_core.c in the Linux kernel in lockdown mode. This flaw allows an attacker with local access to trigger the debugger, bypass lockdown and write anonymously.(CVE-2022-21499)
kernel: A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.(CVE-2022-39189)
kernel: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.(CVE-2022-3564)
kernel: A flaw was found in the Linux kernel. A race issue occurs between an io_uring request and the Unix socket garbage collector, allowing an attacker local privilege escalation.(CVE-2022-2602)
kernel: A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.(CVE-2022-1184)
kernel: An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.(CVE-2022-2905)
kernel: A race condition in the Linux kernel's EFI capsule loader driver was found in the way it handled write and flush operations on the device node of the EFI capsule. A local user could potentially use this flaw to crash the system.(CVE-2022-40307)
kernel: The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.(CVE-2022-32296)
kernel: An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-2639)
kernel: A vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211033 was assigned to this vulnerability.(CVE-2022-3535)
kernel: A memory leak flaw was found in bnx2x_tpa_stop in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c in the bnx2x sub-component in the Linux Kernel. This flaw may allow a local attacker to cause a denial of service.(CVE-2022-3542)
kernel: A use-after-free flaw was found in the Linux kernel’s ISDN over IP tunnel functionality in how a local user triggers the release_card() function called from l1oip_cleanup(). This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-3565)
kernel: A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for XFS.(CVE-2021-4037)
kernel: A flaw was found in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain.(CVE-2022-39190)
kernel: A flaw was found in the Linux kernel's i740 driver. A userspace program could pass any value to the driver through the ioctl() interface. The driver does not check the value of 'pixclock', so it may cause a divide-by-zero error.(CVE-2022-3061)
kernel: A firewall flaw that can bypass the Linux kernel’s Netfilter functionality was found in how a user handles unencrypted IRC with nf_conntrack_irc configured. This flaw allows a remote user to gain unauthorized access to the system.(CVE-2022-2663)
kernel: A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.(CVE-2022-3628)
kernel: A list corruption flaw was found in cfg80211_add_nontrans_list in the net/wireless/scan.c function in the Linux kernel. This flaw could lead to a denial of service.(CVE-2022-42721)
kernel: Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-33741)
kernel: A flaw was found in the NILFS2 file system implementation in the Linux kernel. If nilfs_attach_log_writer() failed to create a log writer thread, it free'd a data structure of the log writer without any cleanup, causing a leak of struct nilfs_root. A user permitted to mount arbitrary file system images could use this flaw to cause a denial of service (resource exhaustion).(CVE-2022-3646)
kernel: A use-after-free vulnerability was found in drivers/block/floppy.c in the floppy driver module in the Linux kernel between raw_cmd_ioctl and seek_interrupt. This flaw allows an attacker to cause a denial of service, leading to a leak of internal kernel information.(CVE-2022-1836)
kernel: An out-of-bounds memory read flaw was found in the Linux kernel. The IPv4 Handler component may delete IPv4 routes containing a multipath spec while the fib_info is using a nexthop object. This issue allows a local attacker access to unauthorized data.(CVE-2022-3435)
kernel: There are use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c of the Linux kernel that allow attackers to crash the kernel without any privileges.(CVE-2022-2318)
kernel: A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.(CVE-2022-1974)
kernel: A flaw was found in the Linux kernel's nfcmrvl_nci_unregister_dev() function. A race condition leads to a use-after-free issue when simulating the NFC device from the user space.(CVE-2022-1734)
kernel: A use-after-free flaw was found in u32_change in net/sched/cls_u32.c in the network subcomponent of the Linux kernel. This flaw allows a local attacker to crash the system, cause a privilege escalation, and leak kernel information.(CVE-2022-29581)
kernel: An out-of-bounds write flaw was found in the Linux kernel's framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2021-33655)
kernel: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.(CVE-2022-1966)
kernel: A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem.(CVE-2022-2588)
kernel: A flaw was found in the NILFS2 file system implementation in the Linux kernel. If the i_mode field in inode of the metadata files is corrupted on the disk, it can cause the initialization of the bmap structure not being called, resulting in a NULL pointer dereference at nilfs_bmap_lookup_at_level. A user permitted to mount arbitrary file system images could use this flaw to cause a denial of service.(CVE-2022-3621)
kernel: A use-after-free flaw was found in the Linux kernel's floppy driver implementation. This flaw allows a local attacker to possibly corrupt memory.(CVE-2022-1652)
kernel: A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.(CVE-2022-3635)
kernel: A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer (RSB) prediction.(CVE-2022-26373)
kernel: A use-after-free flaw was found in bss_ref_get in the net/wireless/scan.c in the Linux kernel. This issue can lead to a denial of service or arbitrary code execution.(CVE-2022-42720)
kernel: A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.(CVE-2022-23816)
kernel: Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-33740)
kernel: A vulnerability was found in the tcp subsystem in the Linux Kernel, due to a data race around icsk->icsk_af_ops. This issue could allow an attacker to leak internal kernel information.(CVE-2022-3566)
kernel: An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.(CVE-2022-1462)
kernel: A use-after-free flaw was found in the io_uring subsystem of the Linux kernel. This issue occurs during the IORING_OP_SPLICE operation due to a missing IO_WQ_WORK_FILES flag, leading to an invalid decrease of its reference counter and later causing the use-after-free vulnerability. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-4696)
kernel: mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.(CVE-2022-41222)
kernel: No description is available for this CVE.(CVE-2022-21505)
kernel: A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.(CVE-2022-3633)
kernel: A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).(CVE-2022-0171)
kernel: A flaw was found in KVM. With shadow paging enabled if INVPCID is executed with CR0.PG=0, the invlpg callback is not set, and the result is a NULL pointer dereference. This flaw allows a guest user to cause a kernel oops condition on the host, resulting in a denial of service.(CVE-2022-1789)
kernel: A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to enable information disclosure via local access.(CVE-2022-21125)
kernel: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim.(CVE-2022-42896)
kernel: A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation.(CVE-2022-2586)
kernel: A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to disclose sensitive information or crash the system, causing a denial of service.(CVE-2022-3586)
kernel: A use-after-free flaw was found in btf_dump_name_dups in tools/lib/bpf/btf_dump.c in libbpf in the Linux Kernel. This issue occurs because the key stored in the hash table name_map is a string address, and the string memory is allocated by realloc() function. When the memory is resized by realloc() later, the old memory may be freed.(CVE-2022-3534)
kernel: Due to the small table perturb size, a flaw was observed in the Linux kernel's TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service.(CVE-2022-1012)
kernel: A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.(CVE-2022-3521)
kernel: A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.(CVE-2022-3545)
kernel: A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.(CVE-2022-3625)
kernel: A flaw was found in hw. Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to enable information disclosure via local access.(CVE-2022-21123)
kernel: Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification until reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b(CVE-2022-2503)
kernel: A use-after-free flaw was found in the Linux kernel's net/sunrpc/xprt.c function in the Remote Procedure Call (SunRPC) protocol. This flaw allows a local attacker to crash the system, leading to a kernel information leak issue.(CVE-2022-28893)
kernel: A use-after-free flaw was found in the Linux kernel's performance events functionality. A user triggers a race condition in setting up performance monitoring between the leading PERF_TYPE_TRACEPOINT and sub PERF_EVENT_HARDWARE plus the PERF_EVENT_SOFTWARE using the perf_event_open() function with these three types. This flaw allows a local user to crash the system.(CVE-2022-1729)
kernel: A vulnerability was found in intr_callback in drivers/net/usb/r8152.c in the BPF component in the Linux Kernel. The manipulation leads to logging excessive data, where an attack can be launched remotely.(CVE-2022-3594)
kernel: A memory leak flaw was found in the Linux kernel’s IPv6 functionality in how a user triggers the setsockopt of the IPV6_ADDRFORM and IPV6_DSTOPTS type. This flaw allows a user to crash the system if the setsockopt function is being called simultaneously with the IPV6_ADDRFORM type and other processes with the IPV6_DSTOPTS type. This issue is unlikely to happen unless a local process triggers IPV6_ADDRFORM.(CVE-2022-3524)
kernel: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-4378)
kernel: A memory access flaw was found in the Linux kernel's XEN hypervisor for the virtual machine. This flaw allows a local user to crash the system or potentially escalate their privileges on the system.(CVE-2022-36123)
kernel: A flaw was found in hw. Non-transparent sharing of branch predictor targets between contexts in some Intel(R) processors may potentially allow an authorized user to enable information disclosure via local access.(CVE-2022-29901)
kernel: A memory corruption flaw was found in the Linux kernel's Netfilter subsystem in the way a local user uses the libnetfilter_queue when analyzing a corrupted network packet. This flaw allows a local user to crash the system or a remote user to crash the system when the libnetfilter_queue is used by a local user.(CVE-2022-36946)
kernel: A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly allowing code execution.(CVE-2022-2078)
kernel: A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.(CVE-2022-3629)
kernel: An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.(CVE-2022-39842)
kernel: Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).(CVE-2022-26365)
kernel: A data race problem was found in sk->sk_prot in the network subsystem in ipv6 in the Linux kernel. This issue occurs while some functions access critical data, leading to a denial of service.(CVE-2022-3567)
kernel: A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue.(CVE-2022-32250)
kernel: An information leak vulnerability was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_req function. An attacker with physical access within the range of standard Bluetooth transmission could use this flaw to leak kernel pointers via Bluetooth if within proximity of the victim.(CVE-2022-42895)
kernel: A flaw was found in hw. Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to enable information disclosure via local access.(CVE-2022-21166)
kernel: A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-1679)
kernel: An information disclosure vulnerability is found in stex_queuecommand_lck() in drivers/scsi/stex.c in the Linux Kernel. This flaw allows a local attacker to disclose sensitive information such as kernel space address.(CVE-2022-40768)
kernel: An out-of-bounds (OOB) memory write flaw was found in the Linux kernel's watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.(CVE-2022-0995)
kernel: A heap buffer overflow flaw was found in the Linux kernel's Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-34918)
kernel: bugfix
pixman: A flaw was found in cairo's image-compositor.c. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow (out-of-bounds write). The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35492)
pixman: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.06.02B5.

Affected Components

  • kernel
  • pixman

Affected Products

  • CGSL MAIN 6.06

Update Packages

CGSL MAIN 6.06
  • kernel-5.10.134-13.1.zncgsl6.t2.0.src.rpm
    • bpftool-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm
    • kata-linux-container-5.10.134-13.1.zncgsl6kata.t2.0.x86_64.rpm
    • kernel-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm
    • kernel-core-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm
    • kernel-devel-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm
    • kernel-headers-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm
    • kernel-modules-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm
    • kernel-modules-extra-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm
    • kernel-tools-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm
    • kernel-tools-libs-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm
    • perf-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm
    • python3-perf-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm
  • pixman-0.38.4-2.zncgsl6.src.rpm
    • pixman-0.38.4-2.zncgsl6.x86_64.rpm
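An added example (not part of the NewStart advisory) of how a defender can check whether a CGSL host has actually picked up the fixed builds: it parses the package file names into name/version/release/arch, compares installed versions against the fixed ones using rpm's rpmvercmp rules (tilde/caret prerelease handling omitted), and reports what is still behind. The fix record is a constructed subset of the package names from the list above, and the installed-package lines are constructed sample output in the shape `rpm -qa` prints.

```python
"""Compare installed RPMs against the fixed packages in this advisory.

Added example, not the advisory's own tooling. ADVISORY_FIX is a constructed
subset of the Update Packages list; INSTALLED_SAMPLE is constructed sample
output in the shape of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\\n'`.
"""
import json
import re

# Constructed subset of the advisory's fix list (same product, same package names).
ADVISORY_FIX = json.loads("""
{"fix": [{"product": "CGSL MAIN 6.06", "pkgs": [
  {"binary": ["kernel-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm",
              "kernel-core-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm",
              "bpftool-5.10.134-13.1.zncgsl6.t2.0.x86_64.rpm"],
   "source": "kernel-5.10.134-13.1.zncgsl6.t2.0.src.rpm"},
  {"binary": ["pixman-0.38.4-2.zncgsl6.x86_64.rpm"],
   "source": "pixman-0.38.4-2.zncgsl6.src.rpm"}]}]}
""")

# Constructed sample of a partially patched host: kernel-core and bpftool are
# current, the running kernel package and pixman are still the old builds.
INSTALLED_SAMPLE = """\
kernel-5.10.134-12.zncgsl6.t2.0.x86_64
kernel-core-5.10.134-13.1.zncgsl6.t2.0.x86_64
bpftool-5.10.134-13.1.zncgsl6.t2.0.x86_64
pixman-0.38.4-1.zncgsl6.x86_64
"""

# name may contain dashes; version and release may not, so anchor on the last two.
_NVRA = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$")


def parse_nvra(label):
    """Split 'name-version-release.arch' (with or without a '.rpm' suffix)."""
    if label.endswith(".rpm"):
        label = label[:-4]
    m = _NVRA.match(label)
    if not m:
        raise ValueError("not a name-version-release.arch label: %s" % label)
    return m.group("name"), m.group("version"), m.group("release"), m.group("arch")


def _segments(label):
    """Tokenise like rpmvercmp: runs of digits or letters, everything else separates."""
    return re.findall(r"[0-9]+|[A-Za-z]+", label)


def rpmvercmp(a, b):
    """Return -1, 0 or 1 comparing two version or release labels.

    Numeric segments compare as integers, alphabetic ones as strings, a numeric
    segment is newer than an alphabetic one, and when one label is a prefix of
    the other the longer one is newer. Tilde/caret rules are left out.
    """
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1
        if xd:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_vr(v1, r1, v2, r2):
    """Compare version-release pairs; the file names carry no epoch, so none is used."""
    c = rpmvercmp(v1, v2)
    return c if c else rpmvercmp(r1, r2)


def fixed_packages(advisory):
    """Map (name, arch) -> (version, release) of every fixed binary package."""
    fixed = {}
    for product in advisory["fix"]:
        for src in product["pkgs"]:
            for rpm in src["binary"]:
                name, ver, rel, arch = parse_nvra(rpm)
                fixed[(name, arch)] = (ver, rel)
    return fixed


def outdated_packages(advisory, installed_lines):
    """Return (name, installed version-release, fixed version-release) for every
    installed package that is older than the advisory's fixed build."""
    fixed = fixed_packages(advisory)
    out = []
    for line in installed_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        name, ver, rel, arch = parse_nvra(line)
        want = fixed.get((name, arch))
        if want and compare_vr(ver, rel, want[0], want[1]) < 0:
            out.append((name, "%s-%s" % (ver, rel), "%s-%s" % want))
    return out


if __name__ == "__main__":
    for name, have, need in outdated_packages(ADVISORY_FIX, INSTALLED_SAMPLE):
        print("%s: installed %s, fixed in %s" % (name, have, need))
```

On a real host, feed the output of `rpm -qa` in place of INSTALLED_SAMPLE; an updated kernel package only protects the system once the host has been rebooted into it, so also compare `uname -r` against the fixed kernel build.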

CVE

References

© 2004-2023 Guangdong ZTE NewStart Technology Co., Ltd. All rights reserved (www.gd-linux.com) 粤ICP备15061780号-2

National service hotline: 400-033-0108