
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222848",
"Version": "oval:org.altlinux.errata:def:20222848",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2848: package `kernel-image-un-def` update to version 5.19.16-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2848",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2848",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-06272",
"RefURL": "https://bdu.fstec.ru/vul/2022-06272",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06273",
"RefURL": "https://bdu.fstec.ru/vul/2022-06273",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06274",
"RefURL": "https://bdu.fstec.ru/vul/2022-06274",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07350",
"RefURL": "https://bdu.fstec.ru/vul/2022-07350",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07351",
"RefURL": "https://bdu.fstec.ru/vul/2022-07351",
"Source": "BDU"
},
{
"RefID": "BDU:2023-00631",
"RefURL": "https://bdu.fstec.ru/vul/2023-00631",
"Source": "BDU"
},
{
"RefID": "CVE-2022-3649",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3649",
"Source": "CVE"
},
{
"RefID": "CVE-2022-3977",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3977",
"Source": "CVE"
},
{
"RefID": "CVE-2022-41674",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-41674",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42719",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42719",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42720",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42720",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42721",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42721",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42722",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42722",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-un-def to version 5.19.16-alt1. \nSecurity Fix(es):\n\n * BDU:2022-06272: Уязвимость функции cfg80211_update_notlisted_nontrans файла net/wireless/scan.c ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-06273: Уязвимость функционала подсчета ссылок в режиме BSS (Basic Service Set) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-06274: Уязвимость ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-07350: Уязвимость функционала подсчета ссылок в режиме BSS (Basic Service Set) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-07351: Уязвимость ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-00631: Уязвимость функции nilfs_new_inode компонента BPF ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2022-3649: A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.\n\n * CVE-2022-3977: A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system.\n\n * CVE-2022-41674: An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.\n\n * CVE-2022-42719: A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.\n\n * CVE-2022-42720: Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.\n\n * CVE-2022-42721: A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.\n\n * CVE-2022-42722: In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-10-15"
},
"Updated": {
"Date": "2022-10-15"
},
"BDUs": [
{
"ID": "BDU:2022-06272",
"CVSS": "AV:A/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-120, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-06272",
"Impact": "High",
"Public": "20221010"
},
{
"ID": "BDU:2022-06273",
"CVSS": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-06273",
"Impact": "High",
"Public": "20221010"
},
{
"ID": "BDU:2022-06274",
"CVSS": "AV:A/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-06274",
"Impact": "High",
"Public": "20221010"
},
{
"ID": "BDU:2022-07350",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2022-07350",
"Impact": "Low",
"Public": "20221013"
},
{
"ID": "BDU:2022-07351",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2022-07351",
"Impact": "Low",
"Public": "20221013"
},
{
"ID": "BDU:2023-00631",
"CVSS": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-00631",
"Impact": "High",
"Public": "20221011"
}
],
"CVEs": [
{
"ID": "CVE-2022-3649",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3649",
"Impact": "High",
"Public": "20221021"
},
{
"ID": "CVE-2022-3977",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3977",
"Impact": "High",
"Public": "20230112"
},
{
"ID": "CVE-2022-41674",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-41674",
"Impact": "High",
"Public": "20221014"
},
{
"ID": "CVE-2022-42719",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42719",
"Impact": "High",
"Public": "20221013"
},
{
"ID": "CVE-2022-42720",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42720",
"Impact": "High",
"Public": "20221014"
},
{
"ID": "CVE-2022-42721",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42721",
"Impact": "Low",
"Public": "20221014"
},
{
"ID": "CVE-2022-42722",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42722",
"Impact": "Low",
"Public": "20221014"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222848001",
"Comment": "kernel-doc-un is earlier than 1:5.19.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222848002",
"Comment": "kernel-headers-modules-un-def is earlier than 1:5.19.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222848003",
"Comment": "kernel-headers-un-def is earlier than 1:5.19.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222848004",
"Comment": "kernel-image-domU-un-def is earlier than 1:5.19.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222848005",
"Comment": "kernel-image-un-def is earlier than 1:5.19.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222848006",
"Comment": "kernel-image-un-def-checkinstall is earlier than 1:5.19.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222848007",
"Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:5.19.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222848008",
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:5.19.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222848009",
"Comment": "kernel-modules-drm-un-def is earlier than 1:5.19.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222848010",
"Comment": "kernel-modules-staging-un-def is earlier than 1:5.19.16-alt1"
}
]
}
]
}
}
]
}