Уязвимость CVE-2022-0435: Информация

Описание

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

Важность: HIGH (8,8) Вектор: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-0435
Опубликовано: 25 марта 2022 г.
Изменено: 14 февраля 2023 г.
Идентификатор типа ошибки: CWE-787

Исправленные пакеты

Имя пакета
Ветка
Исправлено в версии
Версия в репозитории
Errata ID
№ Задания
Состояние
kernel-image-mpsisyphus5.16.12-alt16.8.8-alt1ALT-PU-2022-1456-1296426Исправлено
kernel-image-mpp106.1.19-alt16.1.19-alt1ALT-PU-2023-4894-3327092Исправлено
kernel-image-rpi-defsisyphus5.15.25-alt15.15.92-alt2ALT-PU-2022-1419-1296090Исправлено
kernel-image-rpi-defp105.15.25-alt15.15.92-alt2ALT-PU-2022-1421-1296181Исправлено
kernel-image-rpi-unsisyphus5.15.25-alt16.6.23-alt1ALT-PU-2022-1441-1296280Исправлено
kernel-image-rpi-unp105.15.28-alt16.1.77-alt1ALT-PU-2022-1540-1296849Исправлено
kernel-image-rtsisyphus5.10.100-alt1.rt626.1.90-alt1.rt30ALT-PU-2022-1289-1295305Исправлено
kernel-image-rtp105.10.100-alt1.rt625.10.216-alt1.rt108ALT-PU-2022-1428-1295376Исправлено
kernel-image-std-defsisyphus5.15.23-alt16.1.90-alt1ALT-PU-2022-1260-1295207Исправлено
kernel-image-std-defp105.10.100-alt15.10.216-alt1ALT-PU-2022-1297-1295213Исправлено
kernel-image-std-defp95.4.179-alt15.4.275-alt1ALT-PU-2022-1301-1295220Исправлено
kernel-image-std-defp84.9.301-alt0.M80P.14.9.337-alt0.M80P.1ALT-PU-2022-1308-1295227Исправлено
kernel-image-std-defc9f25.10.104-alt0.c9f.25.10.214-alt0.c9f.2ALT-PU-2022-1467-1296399Исправлено
kernel-image-std-kvmsisyphus5.10.102-alt15.10.176-alt1ALT-PU-2022-1432-1296283Исправлено
kernel-image-un-defsisyphus5.16.9-alt16.6.30-alt1ALT-PU-2022-1262-1295218Исправлено
kernel-image-un-defsisyphus_riscv645.19.16-alt2.rv646.6.29-alt1.0.portALT-PU-2022-6777-1-Исправлено
kernel-image-un-defp105.15.23-alt16.1.85-alt1ALT-PU-2022-1298-1295209Исправлено
kernel-image-un-defp95.10.100-alt15.10.215-alt1ALT-PU-2022-1300-1295216Исправлено
kernel-image-un-defp84.19.229-alt0.M80P.14.19.310-alt0.M80P.1ALT-PU-2022-1306-1295225Исправлено
kernel-image-un-defc10f15.15.23-alt16.1.85-alt0.c10f.1ALT-PU-2022-1298-1295209Исправлено
kernel-image-xenomaip104.19.229-alt1.cip67.214.19.252-alt1.cip78.23ALT-PU-2022-2096-1301830Исправлено
linux-toolssisyphus_riscv646.0-alt16.8-alt2ALT-PU-2022-6483-1-Исправлено
linux-toolsp106.1-alt0.p10.16.1-alt0.p10.1ALT-PU-2023-4282-2323593Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
https://www.openwall.com/lists/oss-security/2022/02/10/1
  • Exploit
  • Mailing List
  • Mitigation
  • Patch
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2048738
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20220602-0001/
  • Third Party Advisory

    1. Конфигурация 1

      cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
      cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
      cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*
      cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      4.8
      End excliding
      4.9.301
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      4.10
      End excliding
      4.14.266
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      4.15
      End excliding
      4.19.229
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      4.20
      End excliding
      5.4.179
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      5.5
      End excliding
      5.10.100
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      5.11
      End excliding
      5.15.23
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      5.16
      End excliding
      5.16.9

      Конфигурация 2

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_eus:8.2:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:8.2:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.0:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:codeready_linux_builder:8.4:*:*:*:*:*:*:*

      Конфигурация 3

      cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      Конфигурация 4

      cpe:2.3:o:ovirt:node:4.4.10:*:*:*:*:*:*:*

      Конфигурация 5

      cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
      cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

      Конфигурация 6

      cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

      Конфигурация 7

      cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

      Конфигурация 8

      cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

      Конфигурация 9

      cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

      Конфигурация 10

      cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

      Конфигурация 11

      cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

      Конфигурация 12

      cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Версия: v24.5.0
Наверх