vuln-list-alt/oval/p11/ALT-PU-2022-1531/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20221531",
      "Version": "oval:org.altlinux.errata:def:20221531",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2022-1531: package `kernel-image-centos` update to version 5.14.0.73-alt1.el9",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2022-1531",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2022-1531",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2022-01166",
            "RefURL": "https://bdu.fstec.ru/vul/2022-01166",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2022-0516",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0516",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2022-0847",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0847",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades kernel-image-centos to version 5.14.0.73-alt1.el9. \nSecurity Fix(es):\n\n * BDU:2022-01166: Уязвимость функций copy_page_to_iter_pipe и push_pipe ядра операционной системы Linux, позволяющая нарушителю перезаписать содержимое страничного кэша произвольных файлов\n\n * CVE-2022-0516: A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.\n\n * CVE-2022-0847: A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2022-03-21"
          },
          "Updated": {
            "Date": "2022-03-21"
          },
          "BDUs": [
            {
              "ID": "BDU:2022-01166",
              "CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
              "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-281, CWE-665",
              "Href": "https://bdu.fstec.ru/vul/2022-01166",
              "Impact": "High",
              "Public": "20220307"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2022-0516",
              "CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0516",
              "Impact": "High",
              "Public": "20220310"
            },
            {
              "ID": "CVE-2022-0847",
              "CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-665",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0847",
              "Impact": "High",
              "Public": "20220310"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20221531001",
                "Comment": "kernel-headers-centos is earlier than 0:5.14.0.73-alt1.el9"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20221531002",
                "Comment": "kernel-headers-modules-centos is earlier than 0:5.14.0.73-alt1.el9"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20221531003",
                "Comment": "kernel-image-centos is earlier than 0:5.14.0.73-alt1.el9"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20221531004",
                "Comment": "kernel-modules-alsa-centos is earlier than 0:5.14.0.73-alt1.el9"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20221531005",
                "Comment": "kernel-modules-drm-centos is earlier than 0:5.14.0.73-alt1.el9"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20221531006",
                "Comment": "kernel-modules-media-centos is earlier than 0:5.14.0.73-alt1.el9"
              }
            ]
          }
        ]
      }
    }
  ]
}