pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2022-3094/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

171 lines
7.3 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20223094",
"Version": "oval:org.altlinux.errata:def:20223094",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-3094: package `kernel-image-std-def` update to version 5.10.154-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-3094",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-3094",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-06550",
"RefURL": "https://bdu.fstec.ru/vul/2022-06550",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07074",
"RefURL": "https://bdu.fstec.ru/vul/2022-07074",
"Source": "BDU"
},
{
"RefID": "CVE-2022-3640",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3640",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42896",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42896",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-def to version 5.10.154-alt1. \nSecurity Fix(es):\n\n * BDU:2022-06550: Уязвимость функции l2cap_conn_del() (net/bluetooth/l2cap_core.c) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-07074: Уязвимость функций l2cap_connect и l2cap_le_connect_req (net/bluetooth/l2cap_core.c) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2022-3640: A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.\n\n * CVE-2022-42896: There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.\n\nWe recommend upgrading past commit  https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url \n\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-11-16"
},
"Updated": {
"Date": "2022-11-16"
},
"BDUs": [
{
"ID": "BDU:2022-06550",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-06550",
"Impact": "High",
"Public": "20221020"
},
{
"ID": "BDU:2022-07074",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-07074",
"Impact": "High",
"Public": "20221123"
}
],
"CVEs": [
{
"ID": "CVE-2022-3640",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3640",
"Impact": "High",
"Public": "20221021"
},
{
"ID": "CVE-2022-42896",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42896",
"Impact": "High",
"Public": "20221123"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20223094001",
"Comment": "kernel-doc-std is earlier than 2:5.10.154-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223094002",
"Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.154-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223094003",
"Comment": "kernel-headers-std-def is earlier than 2:5.10.154-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223094004",
"Comment": "kernel-image-domU-std-def is earlier than 2:5.10.154-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223094005",
"Comment": "kernel-image-std-def is earlier than 2:5.10.154-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223094006",
"Comment": "kernel-image-std-def-checkinstall is earlier than 2:5.10.154-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223094007",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.154-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223094008",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.154-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223094009",
"Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.154-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223094010",
"Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.154-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223094011",
"Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.10.154-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223094012",
"Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.154-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink