{ "Definition": [ { "ID": "oval:org.altlinux.errata:def:20231378", "Version": "oval:org.altlinux.errata:def:20231378", "Class": "patch", "Metadata": { "Title": "ALT-PU-2023-1378: package `kernel-image-std-def` update to version 5.10.170-alt0.c9f.2", "AffectedList": [ { "Family": "unix", "Platforms": [ "ALT Linux branch c9f2" ], "Products": [ "ALT SPWorkstation", "ALT SPServer" ] } ], "References": [ { "RefID": "ALT-PU-2023-1378", "RefURL": "https://errata.altlinux.org/ALT-PU-2023-1378", "Source": "ALTPU" }, { "RefID": "BDU:2022-07218", "RefURL": "https://bdu.fstec.ru/vul/2022-07218", "Source": "BDU" }, { "RefID": "BDU:2022-07336", "RefURL": "https://bdu.fstec.ru/vul/2022-07336", "Source": "BDU" }, { "RefID": "BDU:2022-07505", "RefURL": "https://bdu.fstec.ru/vul/2022-07505", "Source": "BDU" }, { "RefID": "BDU:2022-07506", "RefURL": "https://bdu.fstec.ru/vul/2022-07506", "Source": "BDU" }, { "RefID": "BDU:2022-07508", "RefURL": "https://bdu.fstec.ru/vul/2022-07508", "Source": "BDU" }, { "RefID": "BDU:2023-00061", "RefURL": "https://bdu.fstec.ru/vul/2023-00061", "Source": "BDU" }, { "RefID": "BDU:2023-00359", "RefURL": "https://bdu.fstec.ru/vul/2023-00359", "Source": "BDU" }, { "RefID": "BDU:2023-00361", "RefURL": "https://bdu.fstec.ru/vul/2023-00361", "Source": "BDU" }, { "RefID": "BDU:2023-01196", "RefURL": "https://bdu.fstec.ru/vul/2023-01196", "Source": "BDU" }, { "RefID": "BDU:2023-01200", "RefURL": "https://bdu.fstec.ru/vul/2023-01200", "Source": "BDU" }, { "RefID": "BDU:2023-01205", "RefURL": "https://bdu.fstec.ru/vul/2023-01205", "Source": "BDU" }, { "RefID": "BDU:2023-01571", "RefURL": "https://bdu.fstec.ru/vul/2023-01571", "Source": "BDU" }, { "RefID": "BDU:2023-02532", "RefURL": "https://bdu.fstec.ru/vul/2023-02532", "Source": "BDU" }, { "RefID": "CVE-2022-3424", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3424", "Source": "CVE" }, { "RefID": "CVE-2022-3545", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3545", "Source": "CVE" }, { "RefID": "CVE-2022-4139", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-4139", "Source": "CVE" }, { "RefID": "CVE-2022-4378", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-4378", "Source": "CVE" }, { "RefID": "CVE-2022-45934", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-45934", "Source": "CVE" }, { "RefID": "CVE-2022-47518", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-47518", "Source": "CVE" }, { "RefID": "CVE-2022-47519", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-47519", "Source": "CVE" }, { "RefID": "CVE-2022-47521", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-47521", "Source": "CVE" }, { "RefID": "CVE-2023-0459", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0459", "Source": "CVE" }, { "RefID": "CVE-2023-0461", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0461", "Source": "CVE" }, { "RefID": "CVE-2023-1078", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-1078", "Source": "CVE" }, { "RefID": "CVE-2023-1281", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-1281", "Source": "CVE" }, { "RefID": "CVE-2023-23586", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-23586", "Source": "CVE" } ], "Description": "This update upgrades kernel-image-std-def to version 5.10.170-alt0.c9f.2. \nSecurity Fix(es):\n\n * BDU:2022-07218: Уязвимость функции l2cap_config_req (net/bluetooth/l2cap_core.c) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-07336: Уязвимость функции __do_proc_dointvec ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии\n\n * BDU:2022-07505: Уязвимость драйвера беспроводной сети WILC1000 ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2022-07506: Уязвимость драйвера беспроводной сети WILC1000 ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2022-07508: Уязвимость драйвера беспроводной сети WILC1000 ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2023-00061: Уязвимость драйвера GPU i915 ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании\n\n * BDU:2023-00359: Уязвимость драйвера drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-00361: Уязвимость функций gru_set_context_option(), gru_fault() и gru_handle_user_call_os() драйвера SGI GRU ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии\n\n * BDU:2023-01196: Уязвимость модуля io_uring.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2023-01200: Уязвимость реализации протокола Upper Level Protocol (ULP) ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии, выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2023-01205: Уязвимость функции rds_rm_zerocopy_callback() в модуле net/rds/message.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-01571: Уязвимость функции tcf_exts_exec() фильтра индексирования системы контроля трафика tcindex ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2023-02532: Уязвимость функции _copy_from_user() в модуле lib/usercopy.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию\n\n * CVE-2022-3424: A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.\n\n * CVE-2022-3545: A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.\n\n * CVE-2022-4139: An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.\n\n * CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.\n\n * CVE-2022-45934: An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.\n\n * CVE-2022-47518: An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.\n\n * CVE-2022-47519: An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.\n\n * CVE-2022-47521: An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.\n\n * CVE-2023-0459: Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47\n\n * CVE-2023-0461: There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.\n\nThere is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.\n\nWhen CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\n\nThe setsockopt TCP_ULP operation does not require any privilege.\n\nWe recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c\n\n * CVE-2023-1078: A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.\n\n * CVE-2023-1281: Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root.\nThis issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.\n\n\n\n * CVE-2023-23586: Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit  788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring \n", "Advisory": { "From": "errata.altlinux.org", "Severity": "High", "Rights": "Copyright 2024 BaseALT Ltd.", "Issued": { "Date": "2023-03-02" }, "Updated": { "Date": "2023-03-02" }, "bdu": [ { "Cvss": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-190", "Href": "https://bdu.fstec.ru/vul/2022-07218", "Impact": "High", "Public": "20221121", "CveID": "BDU:2022-07218" }, { "Cvss": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "Cvss3": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-474", "Href": "https://bdu.fstec.ru/vul/2022-07336", "Impact": "High", "Public": "20221116", "CveID": "BDU:2022-07336" }, { "Cvss": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-787", "Href": "https://bdu.fstec.ru/vul/2022-07505", "Impact": "High", "Public": "20221124", "CveID": "BDU:2022-07505" }, { "Cvss": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-787", "Href": "https://bdu.fstec.ru/vul/2022-07506", "Impact": "High", "Public": "20221124", "CveID": "BDU:2022-07506" }, { "Cvss": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-787", "Href": "https://bdu.fstec.ru/vul/2022-07508", "Impact": "High", "Public": "20221124", "CveID": "BDU:2022-07508" }, { "Cvss": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "Cvss3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-281, CWE-401", "Href": "https://bdu.fstec.ru/vul/2023-00061", "Impact": "High", "Public": "20221130", "CveID": "BDU:2023-00061" }, { "Cvss": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-119, CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-00359", "Impact": "High", "Public": "20220811", "CveID": "BDU:2023-00359" }, { "Cvss": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "Cvss3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-00361", "Impact": "High", "Public": "20221123", "CveID": "BDU:2023-00361" }, { "Cvss": "AV:L/AC:L/Au:S/C:C/I:N/A:N", "Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Cwe": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-01196", "Impact": "Low", "Public": "20210221", "CveID": "BDU:2023-01196" }, { "Cvss": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-01200", "Impact": "High", "Public": "20230104", "CveID": "BDU:2023-01200" }, { "Cvss": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-476, CWE-787, CWE-843", "Href": "https://bdu.fstec.ru/vul/2023-01205", "Impact": "High", "Public": "20230209", "CveID": "BDU:2023-01205" }, { "Cvss": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-01571", "Impact": "High", "Public": "20230322", "CveID": "BDU:2023-01571" }, { "Cvss": "AV:L/AC:L/Au:S/C:C/I:N/A:N", "Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Cwe": "CWE-200, CWE-203, CWE-264, CWE-763", "Href": "https://bdu.fstec.ru/vul/2023-02532", "Impact": "Low", "Public": "20230221", "CveID": "BDU:2023-02532" } ], "Cves": [ { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3424", "Impact": "High", "Public": "20230306", "CveID": "CVE-2022-3424" }, { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-119", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3545", "Impact": "High", "Public": "20221017", "CveID": "CVE-2022-3545" }, { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-401", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-4139", "Impact": "High", "Public": "20230127", "CveID": "CVE-2022-4139" }, { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-4378", "Impact": "High", "Public": "20230105", "CveID": "CVE-2022-4378" }, { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-190", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-45934", "Impact": "High", "Public": "20221127", "CveID": "CVE-2022-45934" }, { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-47518", "Impact": "High", "Public": "20221218", "CveID": "CVE-2022-47518" }, { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-47519", "Impact": "High", "Public": "20221218", "CveID": "CVE-2022-47519" }, { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-47521", "Impact": "High", "Public": "20221218", "CveID": "CVE-2022-47521" }, { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Cwe": "CWE-763", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0459", "Impact": "Low", "Public": "20230525", "CveID": "CVE-2023-0459" }, { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0461", "Impact": "High", "Public": "20230228", "CveID": "CVE-2023-0461" }, { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-843", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-1078", "Impact": "High", "Public": "20230327", "CveID": "CVE-2023-1078" }, { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Cwe": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-1281", "Impact": "High", "Public": "20230322", "CveID": "CVE-2023-1281" }, { "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Cwe": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-23586", "Impact": "Low", "Public": "20230217", "CveID": "CVE-2023-23586" } ], "AffectedCpeList": { "Cpe": [ "cpe:/o:alt:spworkstation:8.4", "cpe:/o:alt:spserver:8.4" ] } } }, "Criteria": { "Operator": "AND", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:3001", "Comment": "ALT Linux must be installed" } ], "Criterias": [ { "Operator": "OR", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:20231378001", "Comment": "kernel-doc-std is earlier than 2:5.10.170-alt0.c9f.2" }, { "TestRef": "oval:org.altlinux.errata:tst:20231378002", "Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.170-alt0.c9f.2" }, { "TestRef": "oval:org.altlinux.errata:tst:20231378003", "Comment": "kernel-headers-std-def is earlier than 2:5.10.170-alt0.c9f.2" }, { "TestRef": "oval:org.altlinux.errata:tst:20231378004", "Comment": "kernel-image-domU-std-def is earlier than 2:5.10.170-alt0.c9f.2" }, { "TestRef": "oval:org.altlinux.errata:tst:20231378005", "Comment": "kernel-image-std-def is earlier than 2:5.10.170-alt0.c9f.2" }, { "TestRef": "oval:org.altlinux.errata:tst:20231378006", "Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.170-alt0.c9f.2" }, { "TestRef": "oval:org.altlinux.errata:tst:20231378007", "Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.170-alt0.c9f.2" }, { "TestRef": "oval:org.altlinux.errata:tst:20231378008", "Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.170-alt0.c9f.2" }, { "TestRef": "oval:org.altlinux.errata:tst:20231378009", "Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.170-alt0.c9f.2" }, { "TestRef": "oval:org.altlinux.errata:tst:20231378010", "Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.10.170-alt0.c9f.2" }, { "TestRef": "oval:org.altlinux.errata:tst:20231378011", "Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.170-alt0.c9f.2" } ] } ] } } ] }