2024-12-12 21:07:30 +00:00

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20221810",
"Version": "oval:org.altlinux.errata:def:20221810",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-1810: package `kernel-image-std-def` update to version 5.15.37-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-1810",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-1810",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00622",
"RefURL": "https://bdu.fstec.ru/vul/2022-00622",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02362",
"RefURL": "https://bdu.fstec.ru/vul/2022-02362",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03059",
"RefURL": "https://bdu.fstec.ru/vul/2022-03059",
"Source": "BDU"
},
{
"RefID": "BDU:2022-04995",
"RefURL": "https://bdu.fstec.ru/vul/2022-04995",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06399",
"RefURL": "https://bdu.fstec.ru/vul/2022-06399",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06400",
"RefURL": "https://bdu.fstec.ru/vul/2022-06400",
"Source": "BDU"
},
{
"RefID": "BDU:2023-00629",
"RefURL": "https://bdu.fstec.ru/vul/2023-00629",
"Source": "BDU"
},
{
"RefID": "CVE-2022-0500",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0500",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1204",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1204",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1205",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1205",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23222",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23222",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2639",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2639",
"Source": "CVE"
},
{
"RefID": "CVE-2022-29581",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-29581",
"Source": "CVE"
},
{
"RefID": "CVE-2022-3526",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3526",
"Source": "CVE"
},
{
"RefID": "CVE-2022-41858",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-41858",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-def to version 5.15.37-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00622: Vulnerability in the eBPF subsystem of the Linux operating system kernel that allows an attacker to escalate their privileges\n\n * BDU:2022-02362: Vulnerability in the BPF_BTF_LOAD() function of the eBPF subsystem of the Linux operating system kernel that allows an attacker to escalate their privileges or cause a denial of service\n\n * BDU:2022-03059: Reference counter vulnerability in the u32_change() function of the net/sched component of the Linux operating system kernel that allows an attacker to escalate their privileges to root\n\n * BDU:2022-04995: Vulnerability in the reserve_sfa_size() function of the openvswitch module of the Linux operating system kernel that allows an attacker to escalate their privileges or cause a denial of service\n\n * BDU:2022-06399: Vulnerability in the implementation of the Amateur Radio AX.25 protocol of the Linux operating system kernel that allows an attacker to cause a denial of service\n\n * BDU:2022-06400: Vulnerability in the implementation of the Amateur Radio AX.25 protocol of the Linux operating system kernel that allows an attacker to cause a denial of service\n\n * BDU:2023-00629: Vulnerability in the sl_tx_timeout() function in the drivers/net/slip.c module of the SLIP driver of the Linux operating system kernel that allows an attacker to cause a denial of service\n\n * CVE-2022-0500: A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.\n\n * CVE-2022-1204: A use-after-free flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.\n\n * CVE-2022-1205: A NULL pointer dereference flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.\n\n * CVE-2022-23222: kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.\n\n * CVE-2022-2639: An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.\n\n * CVE-2022-29581: Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.\n\n * CVE-2022-3526: A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024.\n\n * CVE-2022-41858: A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-05-04"
},
"Updated": {
"Date": "2022-05-04"
},
"BDUs": [
{
"ID": "BDU:2022-00622",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-476, CWE-763",
"Href": "https://bdu.fstec.ru/vul/2022-00622",
"Impact": "High",
"Public": "20211218"
},
{
"ID": "BDU:2022-02362",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-02362",
"Impact": "High",
"Public": "20211218"
},
{
"ID": "BDU:2022-03059",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416, CWE-911",
"Href": "https://bdu.fstec.ru/vul/2022-03059",
"Impact": "High",
"Public": "20220415"
},
{
"ID": "BDU:2022-04995",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191, CWE-192, CWE-681, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-04995",
"Impact": "High",
"Public": "20220415"
},
{
"ID": "BDU:2022-06399",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-06399",
"Impact": "Low",
"Public": "20220829"
},
{
"ID": "BDU:2022-06400",
"CVSS": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416, CWE-476",
"Href": "https://bdu.fstec.ru/vul/2022-06400",
"Impact": "Low",
"Public": "20220829"
},
{
"ID": "BDU:2023-00629",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-00629",
"Impact": "High",
"Public": "20220406"
}
],
"CVEs": [
{
"ID": "CVE-2022-0500",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0500",
"Impact": "High",
"Public": "20220325"
},
{
"ID": "CVE-2022-1204",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1204",
"Impact": "Low",
"Public": "20220829"
},
{
"ID": "CVE-2022-1205",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1205",
"Impact": "Low",
"Public": "20220831"
},
{
"ID": "CVE-2022-23222",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23222",
"Impact": "High",
"Public": "20220114"
},
{
"ID": "CVE-2022-2639",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-681",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2639",
"Impact": "High",
"Public": "20220901"
},
{
"ID": "CVE-2022-29581",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-29581",
"Impact": "High",
"Public": "20220517"
},
{
"ID": "CVE-2022-3526",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3526",
"Impact": "High",
"Public": "20221016"
},
{
"ID": "CVE-2022-41858",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-41858",
"Impact": "High",
"Public": "20230117"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20221810001",
"Comment": "kernel-doc-std is earlier than 2:5.15.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221810002",
"Comment": "kernel-headers-modules-std-def is earlier than 2:5.15.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221810003",
"Comment": "kernel-headers-std-def is earlier than 2:5.15.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221810004",
"Comment": "kernel-image-domU-std-def is earlier than 2:5.15.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221810005",
"Comment": "kernel-image-std-def is earlier than 2:5.15.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221810006",
"Comment": "kernel-image-std-def-checkinstall is earlier than 2:5.15.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221810007",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.15.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221810008",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.15.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221810009",
"Comment": "kernel-modules-drm-std-def is earlier than 2:5.15.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221810010",
"Comment": "kernel-modules-staging-std-def is earlier than 2:5.15.37-alt1"
}
]
}
]
}
}
]
}