vuln-list-alt/oval/p11/ALT-PU-2022-3061/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20223061",
"Version": "oval:org.altlinux.errata:def:20223061",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-3061: package `kernel-image-std-kvm` update to version 5.10.154-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-3061",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-3061",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-06272",
"RefURL": "https://bdu.fstec.ru/vul/2022-06272",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06273",
"RefURL": "https://bdu.fstec.ru/vul/2022-06273",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06274",
"RefURL": "https://bdu.fstec.ru/vul/2022-06274",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06550",
"RefURL": "https://bdu.fstec.ru/vul/2022-06550",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06620",
"RefURL": "https://bdu.fstec.ru/vul/2022-06620",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07074",
"RefURL": "https://bdu.fstec.ru/vul/2022-07074",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07349",
"RefURL": "https://bdu.fstec.ru/vul/2022-07349",
"Source": "BDU"
},
{
"RefID": "BDU:2023-00631",
"RefURL": "https://bdu.fstec.ru/vul/2023-00631",
"Source": "BDU"
},
{
"RefID": "CVE-2022-2978",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2978",
"Source": "CVE"
},
{
"RefID": "CVE-2022-3565",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3565",
"Source": "CVE"
},
{
"RefID": "CVE-2022-3640",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3640",
"Source": "CVE"
},
{
"RefID": "CVE-2022-3649",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3649",
"Source": "CVE"
},
{
"RefID": "CVE-2022-41674",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-41674",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42719",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42719",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42720",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42720",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42896",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42896",
"Source": "CVE"
},
{
"RefID": "CVE-2022-43750",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-43750",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-kvm to version 5.10.154-alt1. \nSecurity Fix(es):\n\n * BDU:2022-06272: Уязвимость функции cfg80211_update_notlisted_nontrans файла net/wireless/scan.c ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-06273: Уязвимость функционала подсчета ссылок в режиме BSS (Basic Service Set) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-06274: Уязвимость ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-06550: Уязвимость функции l2cap_conn_del() (net/bluetooth/l2cap_core.c) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-06620: Уязвимость функции del_timer компонента drivers/isdn/mISDN/l1oip_core.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-07074: Уязвимость функций l2cap_connect и l2cap_le_connect_req (net/bluetooth/l2cap_core.c) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-07349: Уязвимость драйвера drivers/usb/mon/mon_bin.c ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-00631: Уязвимость функции nilfs_new_inode компонента BPF ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2022-2978: A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.\n\n * CVE-2022-3565: A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. 
The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.\n\n * CVE-2022-3640: A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.\n\n * CVE-2022-3649: A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.\n\n * CVE-2022-41674: An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.\n\n * CVE-2022-42719: A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.\n\n * CVE-2022-42720: Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.\n\n * CVE-2022-42896: There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. 
A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.\n\nWe recommend upgrading past commit  https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url \n\n\n\n * CVE-2022-43750: drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-11-11"
},
"Updated": {
"Date": "2022-11-11"
},
"BDUs": [
{
"ID": "BDU:2022-06272",
"CVSS": "AV:A/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-120, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-06272",
"Impact": "High",
"Public": "20221010"
},
{
"ID": "BDU:2022-06273",
"CVSS": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-06273",
"Impact": "High",
"Public": "20221010"
},
{
"ID": "BDU:2022-06274",
"CVSS": "AV:A/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-06274",
"Impact": "High",
"Public": "20221010"
},
{
"ID": "BDU:2022-06550",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-06550",
"Impact": "High",
"Public": "20221021"
},
{
"ID": "BDU:2022-06620",
"CVSS": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-06620",
"Impact": "High",
"Public": "20211017"
},
{
"ID": "BDU:2022-07074",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-07074",
"Impact": "High",
"Public": "20221123"
},
{
"ID": "BDU:2022-07349",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-07349",
"Impact": "High",
"Public": "20221026"
},
{
"ID": "BDU:2023-00631",
"CVSS": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-00631",
"Impact": "High",
"Public": "20221011"
}
],
"CVEs": [
{
"ID": "CVE-2022-2978",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2978",
"Impact": "High",
"Public": "20220824"
},
{
"ID": "CVE-2022-3565",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-662",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3565",
"Impact": "High",
"Public": "20221017"
},
{
"ID": "CVE-2022-3640",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3640",
"Impact": "High",
"Public": "20221021"
},
{
"ID": "CVE-2022-3649",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3649",
"Impact": "High",
"Public": "20221021"
},
{
"ID": "CVE-2022-41674",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-41674",
"Impact": "High",
"Public": "20221014"
},
{
"ID": "CVE-2022-42719",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42719",
"Impact": "High",
"Public": "20221013"
},
{
"ID": "CVE-2022-42720",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42720",
"Impact": "High",
"Public": "20221014"
},
{
"ID": "CVE-2022-42896",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42896",
"Impact": "High",
"Public": "20221123"
},
{
"ID": "CVE-2022-43750",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-43750",
"Impact": "Low",
"Public": "20221026"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20223061001",
"Comment": "kernel-image-std-kvm is earlier than 0:5.10.154-alt1"
}
]
}
]
}
}
]
}