vuln-list-alt/oval/p11/ALT-PU-2022-1057/definitions.json
2024-12-12 21:07:30 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20221057",
"Version": "oval:org.altlinux.errata:def:20221057",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-1057: package `kernel-image-std-kvm` update to version 5.10.91-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-1057",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-1057",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00680",
"RefURL": "https://bdu.fstec.ru/vul/2022-00680",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03368",
"RefURL": "https://bdu.fstec.ru/vul/2022-03368",
"Source": "BDU"
},
{
"RefID": "CVE-2021-22600",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-22600",
"Source": "CVE"
},
{
"RefID": "CVE-2022-0998",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0998",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-kvm to version 5.10.91-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00680: Уязвимость функции packet_set_ring компонента net/packet/af_packet.c ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии в системе или вызвать отказ в обслуживании\n\n * BDU:2022-03368: Уязвимость функции vhost_vdpa_config_validate() ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании\n\n * CVE-2021-22600: A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755\n\n * CVE-2022-0998: An integer overflow flaw was found in the Linux kernel's virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-01-14"
},
"Updated": {
"Date": "2022-01-14"
},
"BDUs": [
{
"ID": "BDU:2022-00680",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://bdu.fstec.ru/vul/2022-00680",
"Impact": "High",
"Public": "20211215"
},
{
"ID": "BDU:2022-03368",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-03368",
"Impact": "High",
"Public": "20220330"
}
],
"CVEs": [
{
"ID": "CVE-2021-22600",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-22600",
"Impact": "High",
"Public": "20220126"
},
{
"ID": "CVE-2022-0998",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0998",
"Impact": "High",
"Public": "20220330"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20221057001",
"Comment": "kernel-image-std-kvm is earlier than 0:5.10.91-alt1"
}
]
}
]
}
}
]
}