vuln-list-alt/oval/c10f1/ALT-PU-2022-2344/definitions.json

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222344",
"Version": "oval:org.altlinux.errata:def:20222344",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2344: package `kernel-image-xenomai` update to version 4.19.252-alt1.cip78.23",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2344",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2344",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-02367",
"RefURL": "https://bdu.fstec.ru/vul/2022-02367",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03004",
"RefURL": "https://bdu.fstec.ru/vul/2022-03004",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03059",
"RefURL": "https://bdu.fstec.ru/vul/2022-03059",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03283",
"RefURL": "https://bdu.fstec.ru/vul/2022-03283",
"Source": "BDU"
},
{
"RefID": "BDU:2022-04244",
"RefURL": "https://bdu.fstec.ru/vul/2022-04244",
"Source": "BDU"
},
{
"RefID": "BDU:2022-04995",
"RefURL": "https://bdu.fstec.ru/vul/2022-04995",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05852",
"RefURL": "https://bdu.fstec.ru/vul/2022-05852",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05855",
"RefURL": "https://bdu.fstec.ru/vul/2022-05855",
"Source": "BDU"
},
{
"RefID": "BDU:2023-00629",
"RefURL": "https://bdu.fstec.ru/vul/2023-00629",
"Source": "BDU"
},
{
"RefID": "CVE-2021-4197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-4197",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1652",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1652",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2639",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2639",
"Source": "CVE"
},
{
"RefID": "CVE-2022-29581",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-29581",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2977",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2977",
"Source": "CVE"
},
{
"RefID": "CVE-2022-30594",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30594",
"Source": "CVE"
},
{
"RefID": "CVE-2022-32250",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-32250",
"Source": "CVE"
},
{
"RefID": "CVE-2022-3239",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3239",
"Source": "CVE"
},
{
"RefID": "CVE-2022-41858",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-41858",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-xenomai to version 4.19.252-alt1.cip78.23. \nSecurity Fix(es):\n\n * BDU:2022-02367: Уязвимость ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2022-03004: Уязвимость системного вызова PTRACE_SEIZE безопасного режима вычислений seccomp ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2022-03059: Уязвимость функции u32_change() счетчика ссылок в компоненте net/sched ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии до уровня root\n\n * BDU:2022-03283: Уязвимость функции nft_expr_init программного обеспечения фильтрации пакетов Netfilter ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии до уровня root\n\n * BDU:2022-04244: Уязвимость функции bad_flp_intr ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-04995: Уязвимость функции reserve_sfa_size() модуля openvswitch ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании\n\n * BDU:2022-05852: Уязвимость реализации прокси-виртуализированных TPM-устройств ядра операционной системы Linux, позволяющая нарушителю повысить привилегии в системе\n\n * BDU:2022-05855: Уязвимость функции em28xx_usb_probe драйвера video4linux ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2023-00629: Уязвимость функции sl_tx_timeout() в модуле drivers/net/slip.c драйвера SLIP ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-4197: An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. 
A local user could use this flaw to crash the system or escalate their privileges on the system.\n\n * CVE-2022-1652: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.\n\n * CVE-2022-2639: An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.\n\n * CVE-2022-29581: Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.\n\n * CVE-2022-2977: A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.\n\n * CVE-2022-30594: The Linux kernel before 5.17.2 mishandles seccomp permissions. 
The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.\n\n * CVE-2022-32250: net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.\n\n * CVE-2022-3239: A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.\n\n * CVE-2022-41858: A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-08-04"
},
"Updated": {
"Date": "2022-08-04"
},
"BDUs": [
{
"ID": "BDU:2022-02367",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-287",
"Href": "https://bdu.fstec.ru/vul/2022-02367",
"Impact": "High",
"Public": "20220106"
},
{
"ID": "BDU:2022-03004",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-275, CWE-862, CWE-863",
"Href": "https://bdu.fstec.ru/vul/2022-03004",
"Impact": "High",
"Public": "20220512"
},
{
"ID": "BDU:2022-03059",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416, CWE-911",
"Href": "https://bdu.fstec.ru/vul/2022-03059",
"Impact": "High",
"Public": "20220415"
},
{
"ID": "BDU:2022-03283",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-03283",
"Impact": "High",
"Public": "20220526"
},
{
"ID": "BDU:2022-04244",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-04244",
"Impact": "High",
"Public": "20220602"
},
{
"ID": "BDU:2022-04995",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191, CWE-192, CWE-681, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-04995",
"Impact": "High",
"Public": "20220415"
},
{
"ID": "BDU:2022-05852",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-05852",
"Impact": "High",
"Public": "20220308"
},
{
"ID": "BDU:2022-05855",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-05855",
"Impact": "High",
"Public": "20220222"
},
{
"ID": "BDU:2023-00629",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-00629",
"Impact": "High",
"Public": "20220406"
}
],
"CVEs": [
{
"ID": "CVE-2021-4197",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-287",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-4197",
"Impact": "High",
"Public": "20220323"
},
{
"ID": "CVE-2022-1652",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1652",
"Impact": "High",
"Public": "20220602"
},
{
"ID": "CVE-2022-2639",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-681",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2639",
"Impact": "High",
"Public": "20220901"
},
{
"ID": "CVE-2022-29581",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-29581",
"Impact": "High",
"Public": "20220517"
},
{
"ID": "CVE-2022-2977",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2977",
"Impact": "High",
"Public": "20220914"
},
{
"ID": "CVE-2022-30594",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30594",
"Impact": "High",
"Public": "20220512"
},
{
"ID": "CVE-2022-32250",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-32250",
"Impact": "High",
"Public": "20220602"
},
{
"ID": "CVE-2022-3239",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3239",
"Impact": "High",
"Public": "20220919"
},
{
"ID": "CVE-2022-41858",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-41858",
"Impact": "High",
"Public": "20230117"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222344001",
"Comment": "kernel-headers-modules-xenomai is earlier than 0:4.19.252-alt1.cip78.23"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222344002",
"Comment": "kernel-headers-xenomai is earlier than 0:4.19.252-alt1.cip78.23"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222344003",
"Comment": "kernel-image-xenomai is earlier than 0:4.19.252-alt1.cip78.23"
}
]
}
]
}
}
]
}