Errata ALT-PU-2022-2567-1: Information
Fixes
Published: Sept. 16, 2022
BDU:2022-05794
Уязвимость функций Signalfd_poll() и binder_poll() ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 5, 2022
BDU:2022-07365
Уязвимость подсистемы XFRM ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код, вызвать отказ в обслуживании или оказать другое воздействие на систему
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 31, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-3028
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5
- [debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- https://security.netapp.com/advisory/ntap-20230214-0004/
- https://lore.kernel.org/all/YtoWqEkKzvimzWS5%40gondor.apana.org.au/T/
- FEDORA-2022-6835ddb6d8
- FEDORA-2022-35c14ba5bb
- FEDORA-2022-ccb0138bb6
Published: Sept. 16, 2022
Modified: April 11, 2023
Modified: April 11, 2023
CVE-2022-3176
There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?h=linux-5.4.y&id=fc78b2fc21f10c4c9c4d5d659a685710ffa63659
- DSA-5257
- [debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update
- https://security.netapp.com/advisory/ntap-20230216-0003/