Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-42328 (GCVE-0-2022-42328)
Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:26
VLAI?
EPSS
Summary
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
Severity ?
No CVSS data available.
CWE
- unknown
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-424.txt"
},
{
"name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/3"
},
{
"name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/2"
},
{
"name": "[oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/09/2"
},
{
"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
},
{
"name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:25:41.282586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:26:39.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-424"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329)."
}
],
"metrics": [
{
"other": {
"content": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious guest could cause Denial of Service (DoS) of the host via\nthe paravirtualized network interface."
}
]
}
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unknown",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-24T00:00:00.000Z",
"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
"shortName": "XEN"
},
"references": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-424.txt"
},
{
"name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/3"
},
{
"name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/2"
},
{
"name": "[oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/09/2"
},
{
"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
},
{
"name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
"assignerShortName": "XEN",
"cveId": "CVE-2022-42328",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-03T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:26:39.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://xenbits.xenproject.org/xsa/advisory-424.txt\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/12/08/3\", \"name\": \"[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/12/08/2\", \"name\": \"[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/12/09/2\", \"name\": \"[oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html\", \"name\": \"[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html\", \"name\": \"[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:03:45.967Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-42328\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T14:25:41.282586Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-667\", \"description\": \"CWE-667 Improper Locking\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-23T14:26:28.432Z\"}}], \"cna\": {\"metrics\": [{\"other\": {\"type\": \"unknown\", \"content\": {\"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A malicious guest could cause Denial of Service (DoS) of the host via\\nthe paravirtualized network interface.\"}]}}}}], \"affected\": [{\"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"unknown\", \"version\": \"consult Xen advisory XSA-424\"}]}], \"references\": [{\"url\": \"https://xenbits.xenproject.org/xsa/advisory-424.txt\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/12/08/3\", \"name\": \"[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/12/08/2\", \"name\": \"[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/12/09/2\", \"name\": \"[oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html\", \"name\": \"[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html\", \"name\": \"[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"unknown\"}]}], \"providerMetadata\": {\"orgId\": \"23aa2041-22e1-471f-9209-9b7396fa234f\", \"shortName\": \"XEN\", \"dateUpdated\": \"2022-12-24T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-42328\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-23T14:26:39.413Z\", \"dateReserved\": \"2022-10-03T00:00:00.000Z\", \"assignerOrgId\": \"23aa2041-22e1-471f-9209-9b7396fa234f\", \"datePublished\": \"2022-12-07T00:00:00.000Z\", \"assignerShortName\": \"XEN\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2023-AVI-0148
Vulnerability from certfr_avis - Published: 2023-02-17 - Updated: 2023-02-17
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un déni de service à distance, une atteinte à l'intégrité des données, une exécution de code arbitraire, une élévation de privilèges et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3-LTSS | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP4 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | SUSE CaaS Platform 4.0 | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar 9 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-BCL | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing | ||
| SUSE | N/A | SUSE Enterprise Storage 7 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP4 | ||
| SUSE | openSUSE Leap | openSUSE Leap Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15-SP4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP4 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP2-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1-LTSS | ||
| SUSE | openSUSE Leap | openSUSE Leap Micro 5.2 | ||
| SUSE | N/A | SUSE OpenStack Cloud 9 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Realtime Extension 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 15-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-SP4-LTSS-EXTREME-CORE",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Realtime Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-47520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47520"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2022-28356",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28356"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2022-21127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21127"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2022-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2020-15393",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15393"
},
{
"name": "CVE-2022-20132",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20132"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2020-36557",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36557"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2022-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2022-20166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20166"
},
{
"name": "CVE-2022-4662",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4662"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2021-33656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33656"
},
{
"name": "CVE-2022-3903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3903"
},
{
"name": "CVE-2019-3837",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3837"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2022-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4382"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2022-21499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21499"
},
{
"name": "CVE-2020-24588",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
},
{
"name": "CVE-2022-3112",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3112"
},
{
"name": "CVE-2023-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0179"
},
{
"name": "CVE-2022-44033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44033"
},
{
"name": "CVE-2021-33655",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
},
{
"name": "CVE-2022-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
},
{
"name": "CVE-2022-4095",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4095"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1048"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2022-3107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3107"
},
{
"name": "CVE-2022-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
},
{
"name": "CVE-2021-34981",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34981"
},
{
"name": "CVE-2022-41848",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41848"
},
{
"name": "CVE-2022-3524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
},
{
"name": "CVE-2018-7755",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7755"
},
{
"name": "CVE-2022-39188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
},
{
"name": "CVE-2022-3586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3586"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
},
{
"name": "CVE-2021-39713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39713"
},
{
"name": "CVE-2022-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1011"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2021-45868",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45868"
},
{
"name": "CVE-2022-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
},
{
"name": "CVE-2022-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3115"
},
{
"name": "CVE-2022-20368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20368"
},
{
"name": "CVE-2022-2318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2318"
},
{
"name": "CVE-2019-3900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3900"
},
{
"name": "CVE-2021-26341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26341"
},
{
"name": "CVE-2022-36946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36946"
},
{
"name": "CVE-2022-3303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3303"
},
{
"name": "CVE-2022-3424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3424"
},
{
"name": "CVE-2022-1679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
},
{
"name": "CVE-2022-3108",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3108"
},
{
"name": "CVE-2022-36879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
},
{
"name": "CVE-2022-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
},
{
"name": "CVE-2020-16119",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16119"
},
{
"name": "CVE-2017-13695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13695"
},
{
"name": "CVE-2022-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20369"
},
{
"name": "CVE-2022-21385",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21385"
},
{
"name": "CVE-2022-44032",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44032"
},
{
"name": "CVE-2022-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3621"
},
{
"name": "CVE-2022-3606",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3606"
},
{
"name": "CVE-2022-40768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40768"
},
{
"name": "CVE-2022-21180",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21180"
},
{
"name": "CVE-2018-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9517"
},
{
"name": "CVE-2022-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
},
{
"name": "CVE-2023-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
},
{
"name": "CVE-2022-3105",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3105"
},
{
"name": "CVE-2022-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3566"
},
{
"name": "CVE-2022-33981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33981"
},
{
"name": "CVE-2022-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3635"
},
{
"name": "CVE-2023-0122",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0122"
},
{
"name": "CVE-2020-36558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36558"
}
],
"initial_release_date": "2023-02-17T00:00:00",
"last_revision_date": "2023-02-17T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 14 f\u00e9vrier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230407-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 14 f\u00e9vrier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230409-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 15 f\u00e9vrier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230420-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 16 f\u00e9vrier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230433-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 13 f\u00e9vrier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230394-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 15 f\u00e9vrier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230416-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 14 f\u00e9vrier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230406-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 14 f\u00e9vrier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230410-1/"
}
],
"reference": "CERTFR-2023-AVI-0148",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\nd\u00e9ni de service \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une\nex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0394-1 du 13 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0416-1 du 15 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0420-1 du 15 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0406-1 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0410-1 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0409-1 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0433-1 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0407-1 du 14 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0066
Vulnerability from certfr_avis - Published: 2023-01-27 - Updated: 2023-01-27
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP4 | ||
| SUSE | openSUSE Leap | openSUSE Leap Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15-SP4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP5 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP4 | ||
| SUSE | openSUSE Leap | openSUSE Leap Micro 5.2 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.3 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Realtime Extension 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 15-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12-SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Realtime Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-47520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47520"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-4379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4379"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2022-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2022-4662",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4662"
},
{
"name": "CVE-2022-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3114"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2022-3344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3344"
},
{
"name": "CVE-2022-3112",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3112"
},
{
"name": "CVE-2022-3106",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3106"
},
{
"name": "CVE-2022-3107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3107"
},
{
"name": "CVE-2019-19083",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19083"
},
{
"name": "CVE-2022-3111",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3111"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2022-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3115"
},
{
"name": "CVE-2022-3108",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3108"
},
{
"name": "CVE-2022-3113",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3113"
},
{
"name": "CVE-2022-3104",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3104"
},
{
"name": "CVE-2022-3105",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3105"
}
],
"initial_release_date": "2023-01-27T00:00:00",
"last_revision_date": "2023-01-27T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 25 janvier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230145-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 26 janvier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230149-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 26 janvier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230147-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 26 janvier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230148-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 26 janvier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230146-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 26 janvier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230152-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 25 janvier 2023",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230134-1/"
}
],
"reference": "CERTFR-2023-AVI-0066",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0148-1 du 26 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0145-1 du 25 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0146-1 du 26 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0149-1 du 26 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0147-1 du 26 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0152-1 du 26 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2023:0134-1 du 25 janvier 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0210
Vulnerability from certfr_avis - Published: 2023-03-10 - Updated: 2023-03-10
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données, une atteinte à l'intégrité des données, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 22.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-47521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47521"
},
{
"name": "CVE-2022-47520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47520"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2023-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2022-4379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4379"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2022-47518",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47518"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2023-20928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20928"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2022-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2022-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3169"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2022-36280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2022-39842",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39842"
},
{
"name": "CVE-2022-41849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
},
{
"name": "CVE-2022-3344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3344"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2023-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0179"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2022-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2023-23559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23559"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2021-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3669"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2023-20938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20938"
},
{
"name": "CVE-2022-3424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3424"
},
{
"name": "CVE-2022-47519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47519"
},
{
"name": "CVE-2023-0045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0045"
},
{
"name": "CVE-2022-3623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
},
{
"name": "CVE-2022-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
},
{
"name": "CVE-2022-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20369"
},
{
"name": "CVE-2022-20566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20566"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2022-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
},
{
"name": "CVE-2023-0468",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0468"
},
{
"name": "CVE-2022-45873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45873"
}
],
"initial_release_date": "2023-03-10T00:00:00",
"last_revision_date": "2023-03-10T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0210",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une\nex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5938-1 du 08 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5938-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu LSN-0092-1 du 07 mars 2023",
"url": "https://ubuntu.com/security/notices/LSN-0092-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5924-1 du 06 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5924-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5919-1 du 03 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5919-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5940-1 du 09 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5940-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5939-1 du 08 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5939-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5926-1 du 06 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5926-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5934-1 du 07 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5934-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5941-1 du 09 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5941-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5929-1 du 07 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5929-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5925-1 du 06 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5925-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5918-1 du 03 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5918-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5928-1 du 07 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5928-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5927-1 du 07 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5927-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5920-1 du 03 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5920-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5917-1 du 03 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5917-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5935-1 du 07 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5935-1"
}
]
}
CERTFR-2023-AVI-0453
Vulnerability from certfr_avis - Published: 2023-06-13 - Updated: 2023-06-14
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SINAMICS GL150 versions antérieures à 7.2 | ||
| Siemens | N/A | Teamcenter Visualization versions 13.3.x antérieures à 13.3.0.10 | ||
| Siemens | N/A | SIMOTION D425-2 DP (6AU1425-2AA00-0AA0) versions antérieures à 5.5 SP1 | ||
| Siemens | N/A | CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05 | ||
| Siemens | N/A | POWER METER SICAM Q200 family versions antérieures à 2.70 | ||
| Siemens | N/A | SIMATIC NET PC Software V15 toutes versions | ||
| Siemens | N/A | SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA1) toutes versions | ||
| Siemens | N/A | SIMOTION D410-2 DP (6AU1410-2AA00-0AA0) versions antérieures à 5.5 SP1 | ||
| Siemens | N/A | SIMATIC STEP 7 V5 versions antérieures à 5.7 | ||
| Siemens | N/A | SIMOTION C240 (6AU1240-1AA00-0AA0) versions antérieures à 5.5 SP1 | ||
| Siemens | N/A | SIMATIC S7-1500 TM MFP - Linux Kernel | ||
| Siemens | N/A | SINAUT Software ST7sc toutes versions | ||
| Siemens | N/A | SIMOTION P320-4 E (6AU1320-4DE65-3AF0) toutes versions | ||
| Siemens | N/A | Teamcenter Visualization versions 14.0.x antérieures à 14.0.0.6 | ||
| Siemens | N/A | SIMOTION C240 PN (6AU1240-1AB00-0AA0) versions antérieures à 5.5 SP1 | ||
| Siemens | N/A | SIMATIC NET PC Software V14 toutes versions | ||
| Siemens | N/A | SIMATIC PCS 7 V9.0 toutes versions | ||
| Siemens | N/A | SIMATIC PCS 7 V9.1 toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 TM MFP - BIOS | ||
| Siemens | N/A | SIMOTION D435-2 DP/PN (6AU1435-2AD00-0AA0) versions antérieures à 5.5 SP1 | ||
| Siemens | N/A | SINAMICS SL150 versions antérieures à 7.2 | ||
| Siemens | N/A | SINAMICS PERFECT HARMONY GH180 6SR5 versions antérieures à 7.2 | ||
| Siemens | N/A | Teamcenter Visualization versions 13.2.x antérieures à 13.2.0.13 | ||
| Siemens | N/A | SIMOTION D435-2 DP (6AU1435-2AA00-0AA0) versions antérieures à 5.5 SP1 | ||
| Siemens | N/A | SIMOTION P320-4 S (6AU1320-4DS66-3AG0) toutes versions | ||
| Siemens | N/A | SIMATIC WinCC versions antérieures à 8.0 | ||
| Siemens | N/A | Teamcenter Visualization versions 14.2.x antérieures à 14.2.0.3 | ||
| Siemens | N/A | les contrôlleurs Desigo PX, se référer au bulletin ssa-824231 de l'éditeur pour la liste complète des versions affectées | ||
| Siemens | N/A | SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA0) versions antérieures à 5.5 SP1 | ||
| Siemens | N/A | SIMATIC S7-PM toutes versions | ||
| Siemens | N/A | Solid Edge SE2023 versions antérieures à 223.0 Update 5 | ||
| Siemens | N/A | JT2Go versions antérieures à 14.1.0.4 | ||
| Siemens | N/A | SIMOTION D455-2 DP/PN (6AU1455-2AD00-0AA0) versions antérieures à 5.5 SP1 | ||
| Siemens | N/A | SIMOTION D410-2 DP/PN (6AU1410-2AD00-0AA0) versions antérieures à 5.5 SP1 | ||
| Siemens | N/A | Teamcenter Visualization versions 14.1.x antérieures à 14.1.0.8 | ||
| Siemens | N/A | CP-8031 MASTER MODULE (6MF2803-1AA00) versions antérieures à CPCI85 V05 | ||
| Siemens | N/A | Totally Integrated Automation Portal (TIA Portal) versions 14 à 18 | ||
| Siemens | N/A | SIMATIC PCS 7 toutes versions | ||
| Siemens | N/A | SIMOTION D425-2 DP/PN (6AU1425-2AD00-0AA0) versions antérieures à 5.5 SP1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SINAMICS GL150 versions ant\u00e9rieures \u00e0 7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization versions 13.3.x ant\u00e9rieures \u00e0 13.3.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION D425-2 DP (6AU1425-2AA00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "POWER METER SICAM Q200 family versions ant\u00e9rieures \u00e0 2.70",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION D410-2 DP (6AU1410-2AA00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V5 versions ant\u00e9rieures \u00e0 5.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION C240 (6AU1240-1AA00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 TM MFP - Linux Kernel",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAUT Software ST7sc toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION P320-4 E (6AU1320-4DE65-3AF0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization versions 14.0.x ant\u00e9rieures \u00e0 14.0.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION C240 PN (6AU1240-1AB00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V14 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.0 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 TM MFP - BIOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION D435-2 DP/PN (6AU1435-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS SL150 versions ant\u00e9rieures \u00e0 7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS PERFECT HARMONY GH180 6SR5 versions ant\u00e9rieures \u00e0 7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization versions 13.2.x ant\u00e9rieures \u00e0 13.2.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION D435-2 DP (6AU1435-2AA00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION P320-4 S (6AU1320-4DS66-3AG0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC versions ant\u00e9rieures \u00e0 8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization versions 14.2.x ant\u00e9rieures \u00e0 14.2.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "les contr\u00f4lleurs Desigo PX, se r\u00e9f\u00e9rer au bulletin ssa-824231 de l\u0027\u00e9diteur pour la liste compl\u00e8te des versions affect\u00e9es",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PM toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2023 versions ant\u00e9rieures \u00e0 223.0 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go versions ant\u00e9rieures \u00e0 14.1.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION D455-2 DP/PN (6AU1455-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION D410-2 DP/PN (6AU1410-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization versions 14.1.x ant\u00e9rieures \u00e0 14.1.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP-8031 MASTER MODULE (6MF2803-1AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Totally Integrated Automation Portal (TIA Portal) versions 14 \u00e0 18",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION D425-2 DP/PN (6AU1425-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2021-42384",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2021-42378",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
},
{
"name": "CVE-2022-39190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39190"
},
{
"name": "CVE-2022-42720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42720"
},
{
"name": "CVE-2021-42382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
},
{
"name": "CVE-2022-47520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47520"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2022-21233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21233"
},
{
"name": "CVE-2021-42376",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42376"
},
{
"name": "CVE-2022-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3633"
},
{
"name": "CVE-2021-28831",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28831"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2022-20421",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20421"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2018-4834",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4834"
},
{
"name": "CVE-2022-32296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2021-42373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42373"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2021-42377",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42377"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2021-3998",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3998"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2022-47518",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47518"
},
{
"name": "CVE-2023-31238",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31238"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2021-42386",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2023-33919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33919"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2022-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3169"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2021-42380",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42380"
},
{
"name": "CVE-2023-33920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33920"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-4662",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4662"
},
{
"name": "CVE-2021-42374",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
},
{
"name": "CVE-2023-33124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33124"
},
{
"name": "CVE-2022-43545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43545"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2022-3534",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3534"
},
{
"name": "CVE-2022-36280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
},
{
"name": "CVE-2022-4129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2023-26495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26495"
},
{
"name": "CVE-2022-34918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34918"
},
{
"name": "CVE-2022-20572",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20572"
},
{
"name": "CVE-2022-41849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
},
{
"name": "CVE-2022-42432",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42432"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2023-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0179"
},
{
"name": "CVE-2022-47946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47946"
},
{
"name": "CVE-2021-33655",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
},
{
"name": "CVE-2022-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2602"
},
{
"name": "CVE-2022-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
},
{
"name": "CVE-2023-25910",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25910"
},
{
"name": "CVE-2023-33921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33921"
},
{
"name": "CVE-2022-4095",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4095"
},
{
"name": "CVE-2022-2585",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2585"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-2078",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2078"
},
{
"name": "CVE-2022-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
},
{
"name": "CVE-2022-41222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41222"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2022-2586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
},
{
"name": "CVE-2022-28391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28391"
},
{
"name": "CVE-2023-26607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26607"
},
{
"name": "CVE-2022-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2022-42719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42719"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2021-42379",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
},
{
"name": "CVE-2021-20269",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20269"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2021-3759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3759"
},
{
"name": "CVE-2023-23559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23559"
},
{
"name": "CVE-2022-3524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
},
{
"name": "CVE-2022-32250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
},
{
"name": "CVE-2022-2274",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2274"
},
{
"name": "CVE-2018-13405",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13405"
},
{
"name": "CVE-2022-39188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
},
{
"name": "CVE-2021-42381",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
},
{
"name": "CVE-2022-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21505"
},
{
"name": "CVE-2022-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36123"
},
{
"name": "CVE-2022-3586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3586"
},
{
"name": "CVE-2021-4037",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4037"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-2978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2978"
},
{
"name": "CVE-2022-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
},
{
"name": "CVE-2022-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2022-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
},
{
"name": "CVE-2023-33122",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33122"
},
{
"name": "CVE-2022-42721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42721"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-0547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0547"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
},
{
"name": "CVE-2022-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43398"
},
{
"name": "CVE-2022-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1012"
},
{
"name": "CVE-2022-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3115"
},
{
"name": "CVE-2021-42383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42383"
},
{
"name": "CVE-2023-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1095"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-0171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0171"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2022-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2905"
},
{
"name": "CVE-2022-20422",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20422"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2022-3594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
},
{
"name": "CVE-2022-36946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36946"
},
{
"name": "CVE-2022-3303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3303"
},
{
"name": "CVE-2016-10228",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10228"
},
{
"name": "CVE-2021-42385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2022-1679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
},
{
"name": "CVE-2022-36879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2023-27465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27465"
},
{
"name": "CVE-2022-3629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3629"
},
{
"name": "CVE-2023-33121",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33121"
},
{
"name": "CVE-2022-2959",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2959"
},
{
"name": "CVE-2023-28829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28829"
},
{
"name": "CVE-2022-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2023-1077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2023-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
},
{
"name": "CVE-2023-30757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30757"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2022-42722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42722"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2022-20566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20566"
},
{
"name": "CVE-2022-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2327"
},
{
"name": "CVE-2022-1199",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1199"
},
{
"name": "CVE-2022-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3621"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2022-3606",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3606"
},
{
"name": "CVE-2022-1852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1852"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2022-40768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40768"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2022-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
},
{
"name": "CVE-2022-3104",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3104"
},
{
"name": "CVE-2021-42375",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42375"
},
{
"name": "CVE-2022-2503",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2503"
},
{
"name": "CVE-2022-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
},
{
"name": "CVE-2023-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
},
{
"name": "CVE-2023-30897",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30897"
},
{
"name": "CVE-2022-40307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40307"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2022-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
},
{
"name": "CVE-2022-41674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41674"
},
{
"name": "CVE-2022-1882",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1882"
},
{
"name": "CVE-2022-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3635"
},
{
"name": "CVE-2022-43439",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43439"
},
{
"name": "CVE-2023-33123",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33123"
},
{
"name": "CVE-2023-30901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30901"
},
{
"name": "CVE-2022-43546",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43546"
},
{
"name": "CVE-2022-2153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2153"
}
],
"initial_release_date": "2023-06-13T00:00:00",
"last_revision_date": "2023-06-14T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0453",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-13T00:00:00.000000"
},
{
"description": "Modification de la date du bulletin de s\u00e9curit\u00e9 ssa-824231.",
"revision_date": "2023-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-975766 du 13 juin 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-975766.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-042050 du 13 juin 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-042050.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-731916 du 13 juin 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-731916.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-914026 du 13 juin 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-914026.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-794697 du 13 juin 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-538795 du 13 juin 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-538795.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-831302 du 13 juin 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-831302.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-482956 du 13 juin 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-482956.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-508677 du 13 juin 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-508677.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-968170 du 13 juin 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-968170.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-824231 du 24 janvier 2018",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824231.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-942865 du 13 juin 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-942865.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-887249 du 13 juin 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-887249.html"
}
]
}
CERTFR-2022-AVI-1122
Vulnerability from certfr_avis - Published: 2022-12-21 - Updated: 2022-12-21
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données, un contournement de la politique de sécurité, une exécution de code arbitraire à distance, un problème de sécurité non spécifié par l'éditeur, une élévation de privilèges et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP2-BCL | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.3 | ||
| SUSE | N/A | SUSE CaaS Platform 4.0 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-ESPOS | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP1 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.0 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-BCL | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing | ||
| SUSE | N/A | SUSE Enterprise Storage 7 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP4 | ||
| SUSE | openSUSE Leap | openSUSE Leap Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP4 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.0 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP2 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP2 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-LTSS | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP2-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP4 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1-LTSS | ||
| SUSE | N/A | SUSE Enterprise Storage 6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.3 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.0 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 15-SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP2",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.0",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.0",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12-SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.0",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3707"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2019-3874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3874"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2022-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
},
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3567"
},
{
"name": "CVE-2022-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3169"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2022-3176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3176"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2022-3903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3903"
},
{
"name": "CVE-2022-4129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2022-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2602"
},
{
"name": "CVE-2022-4095",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4095"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2022-3542",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3542"
},
{
"name": "CVE-2022-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3577"
},
{
"name": "CVE-2022-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2022-41848",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41848"
},
{
"name": "CVE-2022-3524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
},
{
"name": "CVE-2022-3586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3586"
},
{
"name": "CVE-2021-4037",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4037"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-2978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2978"
},
{
"name": "CVE-2022-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2022-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2022-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-45888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45888"
},
{
"name": "CVE-2022-28748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28748"
},
{
"name": "CVE-2022-3594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
},
{
"name": "CVE-2022-3424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3424"
},
{
"name": "CVE-2022-3629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3629"
},
{
"name": "CVE-2022-3535",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3535"
},
{
"name": "CVE-2022-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3621"
},
{
"name": "CVE-2022-28693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28693"
},
{
"name": "CVE-2022-40768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40768"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2022-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
},
{
"name": "CVE-2022-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3566"
},
{
"name": "CVE-2022-40307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40307"
},
{
"name": "CVE-2022-33981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33981"
},
{
"name": "CVE-2020-26541",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26541"
},
{
"name": "CVE-2022-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3635"
},
{
"name": "CVE-2022-2153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2153"
}
],
"initial_release_date": "2022-12-21T00:00:00",
"last_revision_date": "2022-12-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 19 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224566-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 20 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224580-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 19 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224551-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 19 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224569-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 19 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224560-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 20 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224589-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 19 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224577-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 19 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224562-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 20 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224587-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 20 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224595-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 20 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224585-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 19 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224550-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 19 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224559-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 19 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224561-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 19 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224572-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 19 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224573-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 19 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224574-1/"
}
],
"reference": "CERTFR-2022-AVI-1122",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, un contournement de la politique de\ns\u00e9curit\u00e9, une ex\u00e9cution de code arbitraire \u00e0 distance, un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une \u00e9l\u00e9vation de privil\u00e8ges et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4589-1 du 20 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4587-1 du 20 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4560-1 du 19 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4551-1 du 19 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4585-1 du 20 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4566-1 du 19 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4577-1 du 19 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4574-1 du 19 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4561-1 du 19 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4572-1 du 19 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4559-1 du 19 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4580-1 du 20 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4550-1 du 19 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4569-1 du 19 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4562-1 du 19 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4595-1 du 20 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4573-1 du 19 d\u00e9cembre 2022",
"url": null
}
]
}
CERTFR-2023-AVI-0192
Vulnerability from certfr_avis - Published: 2023-03-03 - Updated: 2023-03-03
De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service à distance, une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 22.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3707"
},
{
"name": "CVE-2022-47521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47521"
},
{
"name": "CVE-2022-47520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47520"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2023-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2022-4379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4379"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2022-47518",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47518"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2023-20928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20928"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2022-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3567"
},
{
"name": "CVE-2022-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3169"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2022-36280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2022-41849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
},
{
"name": "CVE-2022-3344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3344"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2023-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0179"
},
{
"name": "CVE-2023-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0210"
},
{
"name": "CVE-2023-0469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0469"
},
{
"name": "CVE-2022-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2022-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2022-36879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
},
{
"name": "CVE-2022-47519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47519"
},
{
"name": "CVE-2023-0045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0045"
},
{
"name": "CVE-2022-20566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20566"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2022-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
},
{
"name": "CVE-2023-0468",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0468"
}
],
"initial_release_date": "2023-03-03T00:00:00",
"last_revision_date": "2023-03-03T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0192",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5911-1 du 02 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5911-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5914-1 du 03 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5914-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5912-1 du 02 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5912-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5913-1 du 03 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5913-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5916-1 du 03 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5916-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5915-1 du 03 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5915-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5909-1 du 02 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5909-1"
}
]
}
CERTFR-2022-AVI-1125
Vulnerability from certfr_avis - Published: 2022-12-26 - Updated: 2022-12-26
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS), une élévation de privilèges, un déni de service, un contournement de la politique de sécurité, une atteinte à l'intégrité des données, une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP3 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP3 | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar 9 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3-BCL | ||
| SUSE | openSUSE Leap | openSUSE Leap Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15-SP4 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12-SP4 | ||
| SUSE | openSUSE Leap | openSUSE Leap Micro 5.2 | ||
| SUSE | N/A | SUSE OpenStack Cloud 9 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Realtime Extension 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 15-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12-SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Realtime Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3707"
},
{
"name": "CVE-2022-2977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2977"
},
{
"name": "CVE-2022-39190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39190"
},
{
"name": "CVE-2022-42720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42720"
},
{
"name": "CVE-2022-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3633"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2021-33135",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33135"
},
{
"name": "CVE-2022-28356",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28356"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2022-32296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2019-3874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3874"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2022-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
},
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2022-2639",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2639"
},
{
"name": "CVE-2022-3239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3239"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2022-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3567"
},
{
"name": "CVE-2022-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3169"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2022-3176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3176"
},
{
"name": "CVE-2022-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3114"
},
{
"name": "CVE-2020-36516",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36516"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2022-3903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3903"
},
{
"name": "CVE-2022-4129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2016-3695",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3695"
},
{
"name": "CVE-2022-41849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2022-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2602"
},
{
"name": "CVE-2022-3526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3526"
},
{
"name": "CVE-2022-4095",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4095"
},
{
"name": "CVE-2022-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
},
{
"name": "CVE-2022-3078",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3078"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2022-2586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
},
{
"name": "CVE-2022-3542",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3542"
},
{
"name": "CVE-2022-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3577"
},
{
"name": "CVE-2022-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2022-42719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42719"
},
{
"name": "CVE-2022-41848",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41848"
},
{
"name": "CVE-2022-3524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
},
{
"name": "CVE-2022-32250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
},
{
"name": "CVE-2022-39188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
},
{
"name": "CVE-2022-3586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3586"
},
{
"name": "CVE-2021-4037",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4037"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-2978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2978"
},
{
"name": "CVE-2022-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2022-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2022-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2022-42721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42721"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-20368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20368"
},
{
"name": "CVE-2022-45888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45888"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2022-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2905"
},
{
"name": "CVE-2022-28748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28748"
},
{
"name": "CVE-2022-3202",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3202"
},
{
"name": "CVE-2022-3594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
},
{
"name": "CVE-2022-36946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36946"
},
{
"name": "CVE-2022-3303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3303"
},
{
"name": "CVE-2022-3424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3424"
},
{
"name": "CVE-2022-36879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
},
{
"name": "CVE-2022-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3619"
},
{
"name": "CVE-2022-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2873"
},
{
"name": "CVE-2022-3629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3629"
},
{
"name": "CVE-2022-2959",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2959"
},
{
"name": "CVE-2020-16119",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16119"
},
{
"name": "CVE-2022-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
},
{
"name": "CVE-2022-40476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40476"
},
{
"name": "CVE-2022-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20369"
},
{
"name": "CVE-2022-42722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42722"
},
{
"name": "CVE-2022-3535",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3535"
},
{
"name": "CVE-2022-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3621"
},
{
"name": "CVE-2022-28693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28693"
},
{
"name": "CVE-2022-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2938"
},
{
"name": "CVE-2022-40768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40768"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2022-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
},
{
"name": "CVE-2022-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
},
{
"name": "CVE-2022-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3566"
},
{
"name": "CVE-2022-40307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40307"
},
{
"name": "CVE-2022-33981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33981"
},
{
"name": "CVE-2022-41674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41674"
},
{
"name": "CVE-2020-26541",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26541"
},
{
"name": "CVE-2022-1882",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1882"
},
{
"name": "CVE-2022-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3635"
},
{
"name": "CVE-2022-1263",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1263"
},
{
"name": "CVE-2022-2153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2153"
}
],
"initial_release_date": "2022-12-26T00:00:00",
"last_revision_date": "2022-12-26T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 23 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224616-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 23 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224613-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 23 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224611-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 23 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224615-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 23 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224614-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 23 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224617-1/"
}
],
"reference": "CERTFR-2022-AVI-1125",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune injection de code indirecte \u00e0 distance (XSS), une \u00e9l\u00e9vation de\nprivil\u00e8ges, un d\u00e9ni de service, un contournement de la politique de\ns\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4616-1 du 23 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4617-1 du 23 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4614-1 du 23 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4611-1 du 23 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4613-1 du 23 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4615-1 du 23 d\u00e9cembre 2022",
"url": null
}
]
}
CERTFR-2023-AVI-0167
Vulnerability from certfr_avis - Published: 2023-02-24 - Updated: 2023-02-24
De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2022-39842",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39842"
},
{
"name": "CVE-2022-41849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2022-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2023-23559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23559"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2023-0045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0045"
},
{
"name": "CVE-2022-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20369"
},
{
"name": "CVE-2022-20566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20566"
},
{
"name": "CVE-2022-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
}
],
"initial_release_date": "2023-02-24T00:00:00",
"last_revision_date": "2023-02-24T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0167",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5884-1 du 23 f\u00e9vrier 2023",
"url": "https://ubuntu.com/security/notices/USN-5884-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5883-1 du 22 f\u00e9vrier 2023",
"url": "https://ubuntu.com/security/notices/USN-5883-1"
}
]
}
CERTFR-2023-AVI-0244
Vulnerability from certfr_avis - Published: 2023-03-17 - Updated: 2023-03-17
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 22.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-47521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47521"
},
{
"name": "CVE-2022-47520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47520"
},
{
"name": "CVE-2023-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-4379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4379"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2022-47518",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47518"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2022-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3169"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2022-36280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2022-3344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3344"
},
{
"name": "CVE-2023-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0179"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2023-26605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26605"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2023-20938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20938"
},
{
"name": "CVE-2022-3424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3424"
},
{
"name": "CVE-2022-47519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47519"
},
{
"name": "CVE-2023-0045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0045"
},
{
"name": "CVE-2022-3623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2022-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
},
{
"name": "CVE-2023-0468",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0468"
}
],
"initial_release_date": "2023-03-17T00:00:00",
"last_revision_date": "2023-03-17T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0244",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5962-1 du 16 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5962-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5951-1 du 14 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5951-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5950-1 du 14 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5950-1"
}
]
}
CERTFR-2022-AVI-1118
Vulnerability from certfr_avis - Published: 2022-12-20 - Updated: 2022-12-20
De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Citrix | Citrix Hypervisor | Citrix Hypervisor 8.2 LTSR CU1 sans le correctif de sécurité XS82ECU1024 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix Hypervisor 8.2 LTSR CU1 sans le correctif de s\u00e9curit\u00e9 XS82ECU1024",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2022-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
}
],
"initial_release_date": "2022-12-20T00:00:00",
"last_revision_date": "2022-12-20T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1118",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Hypervisor.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Hypervisor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX473048 du 19 d\u00e9cembre 2022",
"url": "https://support.citrix.com/article/CTX473048/citrix-hypervisor-security-bulletin-for-cve20223643-cve202242328-cve202242329"
}
]
}
CERTFR-2022-AVI-1083
Vulnerability from certfr_avis - Published: 2022-12-08 - Updated: 2023-01-23
De multiples vulnérabilités ont été découvertes dans Xen. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen versions 4.14.x \u00e0 6.1-rc sans le correctif de s\u00e9curit\u00e9 xsa423-linux.patch",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
},
{
"description": "Xen versions 6.0.x \u00e0 6.1-rc sans le correctif de s\u00e9curit\u00e9 xsa424-linux.patch",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2022-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
}
],
"initial_release_date": "2022-12-08T00:00:00",
"last_revision_date": "2023-01-23T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1083",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-08T00:00:00.000000"
},
{
"description": "Correction des syst\u00e8mes affect\u00e9s",
"revision_date": "2023-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen du 06 d\u00e9cembre 2022",
"url": "https://xenbits.xen.org/xsa/advisory-424.html"
}
]
}
CERTFR-2022-AVI-1115
Vulnerability from certfr_avis - Published: 2022-12-19 - Updated: 2022-12-19
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un déni de service à distance, un problème de sécurité non spécifié par l'éditeur, une atteinte à la confidentialité des données, un contournement de la politique de sécurité, une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP3 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.3 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP1 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP4 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP2",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3707"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2022-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
},
{
"name": "CVE-2022-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3567"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2022-3176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3176"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2022-3903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3903"
},
{
"name": "CVE-2022-4129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2022-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2602"
},
{
"name": "CVE-2022-4095",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4095"
},
{
"name": "CVE-2022-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3577"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2022-3586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3586"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-45888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45888"
},
{
"name": "CVE-2021-39698",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39698"
},
{
"name": "CVE-2022-28693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28693"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2022-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3566"
},
{
"name": "CVE-2022-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3635"
}
],
"initial_release_date": "2022-12-19T00:00:00",
"last_revision_date": "2022-12-19T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 17 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224539-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 16 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224516-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 17 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224545-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 17 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224546-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 17 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224533-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 17 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224534-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 16 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224518-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 17 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224520-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 16 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224506-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 16 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224513-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 16 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224504-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 17 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224528-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 17 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224542-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 16 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224515-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 16 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224503-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 16 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224517-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 17 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224543-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 16 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224505-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 17 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224527-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 16 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224510-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE du 17 d\u00e9cembre 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224544-1/"
}
],
"reference": "CERTFR-2022-AVI-1115",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9, une ex\u00e9cution\nde code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4527-1 du 17 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4504-1 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4518-1 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4542-1 du 17 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4505-1 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4517-1 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4506-1 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4545-1 du 17 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4510-1 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4539-1 du 17 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4516-1 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4520-1 du 17 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4503-1 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4515-1 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4546-1 du 17 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4528-1 du 17 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4543-1 du 17 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4544-1 du 17 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4533-1 du 17 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4513-1 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:4534-1 du 17 d\u00e9cembre 2022",
"url": null
}
]
}
CERTFR-2023-AVI-0315
Vulnerability from certfr_avis - Published: 2023-04-14 - Updated: 2023-04-14
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28328"
},
{
"name": "CVE-2023-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
},
{
"name": "CVE-2022-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1195"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2022-2380",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2380"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2021-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4203"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2023-26606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26606"
},
{
"name": "CVE-2022-20132",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20132"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-4662",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4662"
},
{
"name": "CVE-2020-36516",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36516"
},
{
"name": "CVE-2022-3903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3903"
},
{
"name": "CVE-2023-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
},
{
"name": "CVE-2022-36280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2022-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1016"
},
{
"name": "CVE-2022-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4382"
},
{
"name": "CVE-2022-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1975"
},
{
"name": "CVE-2022-39842",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39842"
},
{
"name": "CVE-2022-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
},
{
"name": "CVE-2022-20572",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20572"
},
{
"name": "CVE-2022-41849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
},
{
"name": "CVE-2022-0487",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0487"
},
{
"name": "CVE-2021-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
},
{
"name": "CVE-2022-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
},
{
"name": "CVE-2021-28713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
},
{
"name": "CVE-2023-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0210"
},
{
"name": "CVE-2021-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3772"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2021-3659",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3659"
},
{
"name": "CVE-2023-26607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26607"
},
{
"name": "CVE-2022-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
},
{
"name": "CVE-2021-3428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3428"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2021-28712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
},
{
"name": "CVE-2023-23559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23559"
},
{
"name": "CVE-2022-39188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
},
{
"name": "CVE-2022-3111",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3111"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2021-26401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26401"
},
{
"name": "CVE-2021-45868",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45868"
},
{
"name": "CVE-2023-26545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
},
{
"name": "CVE-2021-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3669"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2023-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1095"
},
{
"name": "CVE-2023-1118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1118"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2022-2318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2318"
},
{
"name": "CVE-2022-3303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3303"
},
{
"name": "CVE-2022-3424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3424"
},
{
"name": "CVE-2022-36879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
},
{
"name": "CVE-2022-2991",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2991"
},
{
"name": "CVE-2022-48424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48424"
},
{
"name": "CVE-2021-3732",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3732"
},
{
"name": "CVE-2022-48423",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48423"
},
{
"name": "CVE-2023-0045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0045"
},
{
"name": "CVE-2022-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1205"
},
{
"name": "CVE-2022-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20369"
},
{
"name": "CVE-2021-4149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4149"
},
{
"name": "CVE-2022-0617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0617"
},
{
"name": "CVE-2022-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3061"
},
{
"name": "CVE-2022-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
},
{
"name": "CVE-2022-2503",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2503"
},
{
"name": "CVE-2022-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1974"
},
{
"name": "CVE-2022-1516",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1516"
}
],
"initial_release_date": "2023-04-14T00:00:00",
"last_revision_date": "2023-04-14T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0315",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une\n\u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6009-1 du 11 avril 2023",
"url": "https://ubuntu.com/security/notices/USN-6009-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6004-1 du 11 avril 2023",
"url": "https://ubuntu.com/security/notices/USN-6004-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6014-1 du 12 avril 2023",
"url": "https://ubuntu.com/security/notices/USN-6014-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6013-1 du 12 avril 2023",
"url": "https://ubuntu.com/security/notices/USN-6013-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6007-1 du 11 avril 2023",
"url": "https://ubuntu.com/security/notices/USN-6007-1"
}
]
}
CERTFR-2023-AVI-0260
Vulnerability from certfr_avis - Published: 2023-03-24 - Updated: 2023-03-24
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 22.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2022-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4382"
},
{
"name": "CVE-2022-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
},
{
"name": "CVE-2023-0469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0469"
},
{
"name": "CVE-2023-23559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23559"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2023-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1195"
},
{
"name": "CVE-2023-0045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0045"
}
],
"initial_release_date": "2023-03-24T00:00:00",
"last_revision_date": "2023-03-24T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0260",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5970-1 du 23 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5970-1"
}
]
}
CERTFR-2022-AVI-1127
Vulnerability from certfr_avis - Published: 2022-12-27 - Updated: 2022-12-29
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Noyau linux de Debian 10 en versions ant\u00e9rieures \u00e0 4.19.269-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Noyau linux-5.10 de Debian 10 en versions ant\u00e9rieures \u00e0 5.10.158-2~deb10u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-47521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47521"
},
{
"name": "CVE-2022-47520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47520"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2022-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2022-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3169"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2022-4232",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4232"
},
{
"name": "CVE-2022-41849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2022-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
},
{
"name": "CVE-2021-3759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3759"
},
{
"name": "CVE-2022-3524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-2978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2978"
},
{
"name": "CVE-2022-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2022-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-3594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
},
{
"name": "CVE-2022-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4751"
},
{
"name": "CVE-2022-47519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47519"
},
{
"name": "CVE-2022-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20369"
},
{
"name": "CVE-2022-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3621"
},
{
"name": "CVE-2022-40768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40768"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2022-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
}
],
"initial_release_date": "2022-12-27T00:00:00",
"last_revision_date": "2022-12-29T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1127",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-27T00:00:00.000000"
},
{
"description": "Correction de la date des bulletins de s\u00e9curit\u00e9 Debian.",
"revision_date": "2022-12-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nDebian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian dla-3244 du 22 d\u00e9cembre 2022",
"url": "https://www.debian.org/lts/security/2022/dla-3244"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian dla-3245 du 22 d\u00e9cembre 2022",
"url": "https://www.debian.org/lts/security/2022/dla-3245"
}
]
}
CERTFR-2023-AVI-0278
Vulnerability from certfr_avis - Published: 2023-03-31 - Updated: 2023-03-31
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité, une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28328"
},
{
"name": "CVE-2023-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2023-1281",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1281"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2023-26606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26606"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-4842",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4842"
},
{
"name": "CVE-2023-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
},
{
"name": "CVE-2022-36280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2022-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4382"
},
{
"name": "CVE-2022-39842",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39842"
},
{
"name": "CVE-2022-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
},
{
"name": "CVE-2022-41849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
},
{
"name": "CVE-2023-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0179"
},
{
"name": "CVE-2023-1032",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1032"
},
{
"name": "CVE-2023-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0210"
},
{
"name": "CVE-2023-0469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0469"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2023-26607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26607"
},
{
"name": "CVE-2022-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2023-1078",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1078"
},
{
"name": "CVE-2023-23559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23559"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
},
{
"name": "CVE-2023-1075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1075"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2023-26545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
},
{
"name": "CVE-2021-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3669"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2023-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1195"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2022-27672",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27672"
},
{
"name": "CVE-2022-3424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3424"
},
{
"name": "CVE-2022-48424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48424"
},
{
"name": "CVE-2022-48423",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48423"
},
{
"name": "CVE-2023-0045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0045"
},
{
"name": "CVE-2023-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
},
{
"name": "CVE-2022-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20369"
},
{
"name": "CVE-2022-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3061"
},
{
"name": "CVE-2022-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
}
],
"initial_release_date": "2023-03-31T00:00:00",
"last_revision_date": "2023-03-31T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0278",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, un contournement de la\npolitique de s\u00e9curit\u00e9, une ex\u00e9cution de code arbitraire \u00e0 distance, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5975-1 du 27 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5975-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5981-1 du 28 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5981-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5976-1 du 27 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5976-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5982-1 du 28 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5982-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5977-1 du 27 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5977-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5978-1 du 27 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5978-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5980-1 du 28 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5980-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu LSN-0093-1 du 27 mars 2023",
"url": "https://ubuntu.com/security/notices/LSN-0093-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5979-1 du 28 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5979-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5985-1 du 29 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5985-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5984-1 du 29 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5984-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5987-1 du 29 mars 2023",
"url": "https://ubuntu.com/security/notices/USN-5987-1"
}
]
}
CERTFR-2024-AVI-0478
Vulnerability from certfr_avis - Published: 2024-06-11 - Updated: 2024-06-11
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SINEC Traffic Analyzer versions antérieures à 1.2 | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1543SP-1 ISEC versions antérieures à 2.3 | ||
| Siemens | N/A | SITOP UPS1600 EX 20 A Ethernet PROFINET versions antérieures à 2.5.4 | ||
| Siemens | N/A | Teamcenter Visualization 14.3 versions antérieures à 14.3.0.9 | ||
| Siemens | N/A | SITOP UPS1600 40 A Ethernet/ PROFINET versions antérieures à 2.5.4 | ||
| Siemens | N/A | PCCX26 Ax 1703 PE, Contr, Communication Element versions antérieures à 06.05 | ||
| Siemens | N/A | Tecnomatix Plant Simulation 2404 versions antérieures à 2404.0001 | ||
| Siemens | N/A | TIM 1531 IRC versions antérieures à 2.4.8 | ||
| Siemens | N/A | CPCX26 Central Processing/Communication versions antérieures à 06.02 | ||
| Siemens | N/A | SITOP UPS1600 20 A Ethernet/ PROFINET versions antérieures à 2.5.4 | ||
| Siemens | N/A | Teamcenter Visualization 2312 versions antérieures à 2312.0004 | ||
| Siemens | N/A | JT2Go versions antérieures à 2312.0004 | ||
| Siemens | N/A | les applications Mendix utilisant Mendix 10 versions antérieures à 10.11.0 | ||
| Siemens | N/A | Tecnomatix Plant Simulation 2302 versions antérieures à 2302.0012 | ||
| Siemens | N/A | SIPLUS TIM 1531 IRC versions antérieures à 2.4.8 | ||
| Siemens | N/A | ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 versions antérieures à 03.27 | ||
| Siemens | N/A | SITOP UPS1600 10 A Ethernet/ PROFINET versions antérieures à 2.5.4 | ||
| Siemens | N/A | PowerSys versions antérieures à 3.11 | ||
| Siemens | N/A | ETA4 Ethernet Interface IEC60870-5-104 versions antérieures à 10.46 | ||
| Siemens | N/A | TIA Administrator versions antérieures à 3 SP2 | ||
| Siemens | N/A | les applications Mendix utilisant Mendix 9 versions antérieures à 9.24.22 | ||
| Siemens | N/A | ST7 ScadaConnect versions antérieures à 1.1 | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL versions antérieures à 2.3 | ||
| Siemens | N/A | Teamcenter Visualization 14.2 toutes versions, aucun correctif n'est disponible | ||
| Siemens | N/A | les produits SCALANCE, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation) | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions antérieures à 2.3 | ||
| Siemens | N/A | les applications Mendix utilisant Mendix 10.6 versions antérieures à 10.6.9 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SINEC Traffic Analyzer versions ant\u00e9rieures \u00e0 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1543SP-1 ISEC versions ant\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP UPS1600 EX 20 A Ethernet PROFINET versions ant\u00e9rieures \u00e0 2.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization 14.3 versions ant\u00e9rieures \u00e0 14.3.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP UPS1600 40 A Ethernet/ PROFINET versions ant\u00e9rieures \u00e0 2.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PCCX26 Ax 1703 PE, Contr, Communication Element versions ant\u00e9rieures \u00e0 06.05",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation 2404 versions ant\u00e9rieures \u00e0 2404.0001",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC versions ant\u00e9rieures \u00e0 2.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CPCX26 Central Processing/Communication versions ant\u00e9rieures \u00e0 06.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP UPS1600 20 A Ethernet/ PROFINET versions ant\u00e9rieures \u00e0 2.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization 2312 versions ant\u00e9rieures \u00e0 2312.0004",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go versions ant\u00e9rieures \u00e0 2312.0004",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "les applications Mendix utilisant Mendix 10 versions ant\u00e9rieures \u00e0 10.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation 2302 versions ant\u00e9rieures \u00e0 2302.0012",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS TIM 1531 IRC versions ant\u00e9rieures \u00e0 2.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 versions ant\u00e9rieures \u00e0 03.27",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP UPS1600 10 A Ethernet/ PROFINET versions ant\u00e9rieures \u00e0 2.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PowerSys versions ant\u00e9rieures \u00e0 3.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "ETA4 Ethernet Interface IEC60870-5-104 versions ant\u00e9rieures \u00e0 10.46",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Administrator versions ant\u00e9rieures \u00e0 3 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "les applications Mendix utilisant Mendix 9 versions ant\u00e9rieures \u00e0 9.24.22",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "ST7 ScadaConnect versions ant\u00e9rieures \u00e0 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL versions ant\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization 14.2 toutes versions, aucun correctif n\u0027est disponible",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "les produits SCALANCE, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions ant\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "les applications Mendix utilisant Mendix 10.6 versions ant\u00e9rieures \u00e0 10.6.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-24895",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24895"
},
{
"name": "CVE-2023-49691",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49691"
},
{
"name": "CVE-2024-35207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35207"
},
{
"name": "CVE-2023-33135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33135"
},
{
"name": "CVE-2024-33500",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33500"
},
{
"name": "CVE-2023-35390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35390"
},
{
"name": "CVE-2023-44317",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
},
{
"name": "CVE-2024-35210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35210"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-38380",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38380"
},
{
"name": "CVE-2023-36794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36794"
},
{
"name": "CVE-2024-36266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36266"
},
{
"name": "CVE-2023-24897",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24897"
},
{
"name": "CVE-2022-44792",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44792"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2024-35206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35206"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-24936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24936"
},
{
"name": "CVE-2023-36792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36792"
},
{
"name": "CVE-2022-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
},
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2022-46144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46144"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-26277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26277"
},
{
"name": "CVE-2022-40225",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40225"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-35828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35828"
},
{
"name": "CVE-2023-36049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36049"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-44793",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44793"
},
{
"name": "CVE-2024-35211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35211"
},
{
"name": "CVE-2023-33127",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33127"
},
{
"name": "CVE-2021-47178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47178"
},
{
"name": "CVE-2022-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
},
{
"name": "CVE-2023-33170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33170"
},
{
"name": "CVE-2023-33128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33128"
},
{
"name": "CVE-2023-41910",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41910"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2022-45886",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45886"
},
{
"name": "CVE-2022-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1015"
},
{
"name": "CVE-2023-27321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27321"
},
{
"name": "CVE-2024-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31484"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-41742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2023-26552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26552"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2023-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
},
{
"name": "CVE-2024-35212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35212"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2023-21255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21255"
},
{
"name": "CVE-2024-26275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26275"
},
{
"name": "CVE-2023-38180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38180"
},
{
"name": "CVE-2023-35824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
},
{
"name": "CVE-2024-35209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35209"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2023-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
},
{
"name": "CVE-2023-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38178"
},
{
"name": "CVE-2022-45887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45887"
},
{
"name": "CVE-2024-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0775"
},
{
"name": "CVE-2023-44319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44319"
},
{
"name": "CVE-2023-32032",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32032"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-26554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26554"
},
{
"name": "CVE-2023-2269",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2269"
},
{
"name": "CVE-2024-35208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35208"
},
{
"name": "CVE-2024-26276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26276"
},
{
"name": "CVE-2023-1017",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1017"
},
{
"name": "CVE-2023-38171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
},
{
"name": "CVE-2023-28260",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28260"
},
{
"name": "CVE-2023-50763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50763"
},
{
"name": "CVE-2022-3623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2023-29331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29331"
},
{
"name": "CVE-2023-44374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44374"
},
{
"name": "CVE-2023-38533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38533"
},
{
"name": "CVE-2023-35829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35829"
},
{
"name": "CVE-2023-36038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36038"
},
{
"name": "CVE-2023-21808",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21808"
},
{
"name": "CVE-2023-36799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36799"
},
{
"name": "CVE-2023-36435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36435"
},
{
"name": "CVE-2023-26553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26553"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2023-35391",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35391"
},
{
"name": "CVE-2023-44373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2023-36796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36796"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-35303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35303"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-35292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35292"
},
{
"name": "CVE-2023-36558",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36558"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2023-33126",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33126"
},
{
"name": "CVE-2023-52474",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52474"
},
{
"name": "CVE-2023-44318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44318"
},
{
"name": "CVE-2023-36793",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36793"
}
],
"initial_release_date": "2024-06-11T00:00:00",
"last_revision_date": "2024-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0478",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-900277",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-900277.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-620338",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620338.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-540640",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-540640.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-238730",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-238730.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-319319",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-319319.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-879734",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-879734.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-625862",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-481506",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-481506.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-024584",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-024584.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-196737",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-196737.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-337522",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-337522.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-341067",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-771940",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-690517",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html"
}
]
}
FKIE_CVE-2022-42328
Vulnerability from fkie_nvd - Published: 2022-12-07 01:15 - Updated: 2025-04-23 15:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
References
| URL | Tags | ||
|---|---|---|---|
| security@xen.org | http://www.openwall.com/lists/oss-security/2022/12/08/2 | Mailing List, Patch, Third Party Advisory | |
| security@xen.org | http://www.openwall.com/lists/oss-security/2022/12/08/3 | Mailing List, Patch, Third Party Advisory | |
| security@xen.org | http://www.openwall.com/lists/oss-security/2022/12/09/2 | Mailing List, Patch, Third Party Advisory | |
| security@xen.org | https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html | Mailing List, Third Party Advisory | |
| security@xen.org | https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html | Mailing List, Third Party Advisory | |
| security@xen.org | https://xenbits.xenproject.org/xsa/advisory-424.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/12/08/2 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/12/08/3 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/12/09/2 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://xenbits.xenproject.org/xsa/advisory-424.txt | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87B81C9D-7173-4FFB-97BC-9C41AB20A53C",
"versionEndExcluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329)."
},
{
"lang": "es",
"value": "Los invitados pueden provocar un punto muerto en Linux netback driver T. Este registro de informaci\u00f3n CNA se relaciona con m\u00faltiples CVE; el texto explica qu\u00e9 aspectos/vulnerabilidades corresponden a cada CVE.] El parche para XSA-392 introdujo otro problema que podr\u00eda resultar en un punto muerto al intentar liberar el SKB de un paquete ca\u00eddo debido al manejo de XSA-392 (CVE-2022- 42328). Adem\u00e1s, al descartar paquetes por otros motivos, podr\u00eda producirse el mismo punto muerto en caso de que netpoll est\u00e9 activo para la interfaz a la que est\u00e1 conectado el controlador xen-netback (CVE-2022-42329)."
}
],
"id": "CVE-2022-42328",
"lastModified": "2025-04-23T15:15:51.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-07T01:15:11.273",
"references": [
{
"source": "security@xen.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/2"
},
{
"source": "security@xen.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/3"
},
{
"source": "security@xen.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/09/2"
},
{
"source": "security@xen.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
},
{
"source": "security@xen.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
},
{
"source": "security@xen.org",
"tags": [
"Third Party Advisory"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-424.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/09/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-424.txt"
}
],
"sourceIdentifier": "security@xen.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-7MXG-CX88-PJ6R
Vulnerability from github – Published: 2022-12-07 03:30 – Updated: 2022-12-12 15:30
VLAI?
Details
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2022-42328"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-07T01:15:00Z",
"severity": "MODERATE"
},
"details": "Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).",
"id": "GHSA-7mxg-cx88-pj6r",
"modified": "2022-12-12T15:30:31Z",
"published": "2022-12-07T03:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42328"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-424.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/12/09/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2022-42328
Vulnerability from fstec - Published: 05.12.2022
VLAI Severity ?
Title
Уязвимость драйвера xen-netback ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость драйвера xen-netback ядра операционных систем Linux связана с некорректной блокировкой. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, АО "НППКТ"
Software Name
Linux, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
от 5.16 до 6.0.12 включительно (Linux), от 4.4.296 до 4.5 (Linux), до 2.10 (ОСОН ОСнова Оnyx), от 4.9.0 до 4.9.335 включительно (Linux), от 4.14.0 до 4.14.301 включительно (Linux), от 4.19.0 до 4.19.268 включительно (Linux), от 5.4.0 до 5.4.226 включительно (Linux), от 5.10.0 до 5.10.158 включительно (Linux), от 5.15.0 до 5.15.82 включительно (Linux)
Possible Mitigations
Компенсирующие меры:
1) Использование другой серверной части сети PV (например, серверной части «qnic» на основе qemu);
2) Использование выделенного домена сетевого драйвера для каждого гостя.
Использование рекомендаций:
Для Linux:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74e7e1efdad45580cc3839f2a155174cf158f9b5
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.336
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.302
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.269
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.227
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83
https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.13
Для ОСОН ОСнова Оnyx (версия 2.10):
Обновление программного обеспечения linux до версии 6.6.15-2.osnova226
Reference
http://www.openwall.com/lists/oss-security/2022/12/08/2
http://www.openwall.com/lists/oss-security/2022/12/08/3
http://www.openwall.com/lists/oss-security/2022/12/09/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42328
https://git.kernel.org/linus/74e7e1efdad45580cc3839f2a155174cf158f9b5
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74e7e1efdad45580cc3839f2a155174cf158f9b5
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.302
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.269
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.336
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.227
https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.13
https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html
https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
https://ubuntu.com/security/notices/USN-5883-1
https://ubuntu.com/security/notices/USN-5912-1
https://ubuntu.com/security/notices/USN-5917-1
https://ubuntu.com/security/notices/USN-5919-1
https://ubuntu.com/security/notices/USN-5920-1
https://ubuntu.com/security/notices/USN-5924-1
https://ubuntu.com/security/notices/USN-5925-1
https://ubuntu.com/security/notices/USN-5927-1
https://ubuntu.com/security/notices/USN-5934-1
https://ubuntu.com/security/notices/USN-5935-1
https://ubuntu.com/security/notices/USN-5938-1
https://ubuntu.com/security/notices/USN-5939-1
https://ubuntu.com/security/notices/USN-5940-1
https://ubuntu.com/security/notices/USN-5941-1
https://ubuntu.com/security/notices/USN-5951-1
https://ubuntu.com/security/notices/USN-5962-1
https://ubuntu.com/security/notices/USN-5970-1
https://ubuntu.com/security/notices/USN-5975-1
https://ubuntu.com/security/notices/USN-5979-1
https://ubuntu.com/security/notices/USN-6000-1
https://ubuntu.com/security/notices/USN-6007-1
https://www.cve.org/CVERecord?id=CVE-2022-42328
https://www.openwall.com/lists/oss-security/2022/12/06/2
https://xenbits.xen.org/xsa/advisory-424.html
https://xenbits.xenproject.org/xsa/advisory-424.txt
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.10/
CWE
CWE-667
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 5.16 \u0434\u043e 6.0.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.4.296 \u0434\u043e 4.5 (Linux), \u0434\u043e 2.10 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u043e\u0442 4.9.0 \u0434\u043e 4.9.335 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.14.0 \u0434\u043e 4.14.301 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.19.0 \u0434\u043e 4.19.268 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.4.0 \u0434\u043e 5.4.226 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.10.0 \u0434\u043e 5.10.158 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.15.0 \u0434\u043e 5.15.82 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n1) \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0434\u0440\u0443\u0433\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0439 \u0447\u0430\u0441\u0442\u0438 \u0441\u0435\u0442\u0438 PV (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u0439 \u0447\u0430\u0441\u0442\u0438 \u00abqnic\u00bb \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 qemu);\n2) \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043c\u0435\u043d\u0430 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u0434\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0433\u043e \u0433\u043e\u0441\u0442\u044f.\n\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74e7e1efdad45580cc3839f2a155174cf158f9b5\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.336\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.302\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.269\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.227\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.13\n\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.10):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f linux \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 6.6.15-2.osnova226",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.12.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.06.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.12.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-07314",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-42328",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Linux, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.16 \u0434\u043e 6.0.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.9.294 \u0434\u043e 4.9.335 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.14.259 \u0434\u043e 4.14.301 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.19.222 \u0434\u043e 4.19.268 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.4.168 \u0434\u043e 5.4.226 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.15.11 \u0434\u043e 5.15.82 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.4.296 \u0434\u043e 4.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.10 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 xen-netback \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 (CWE-667)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 xen-netback \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u043e\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.openwall.com/lists/oss-security/2022/12/08/2\nhttp://www.openwall.com/lists/oss-security/2022/12/08/3\nhttp://www.openwall.com/lists/oss-security/2022/12/09/2\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42328\nhttps://git.kernel.org/linus/74e7e1efdad45580cc3839f2a155174cf158f9b5\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74e7e1efdad45580cc3839f2a155174cf158f9b5\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.302\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.269\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.336\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.227\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.13\nhttps://lists.debian.org/debian-lts-announce/2022/12/msg00031.html\nhttps://lists.debian.org/debian-lts-announce/2022/12/msg00034.html\nhttps://ubuntu.com/security/notices/USN-5883-1\nhttps://ubuntu.com/security/notices/USN-5912-1\nhttps://ubuntu.com/security/notices/USN-5917-1\nhttps://ubuntu.com/security/notices/USN-5919-1\nhttps://ubuntu.com/security/notices/USN-5920-1\nhttps://ubuntu.com/security/notices/USN-5924-1\nhttps://ubuntu.com/security/notices/USN-5925-1\nhttps://ubuntu.com/security/notices/USN-5927-1\nhttps://ubuntu.com/security/notices/USN-5934-1\nhttps://ubuntu.com/security/notices/USN-5935-1\nhttps://ubuntu.com/security/notices/USN-5938-1\nhttps://ubuntu.com/security/notices/USN-5939-1\nhttps://ubuntu.com/security/notices/USN-5940-1\nhttps://ubuntu.com/security/notices/USN-5941-1\nhttps://ubuntu.com/security/notices/USN-5951-1\nhttps://ubuntu.com/security/notices/USN-5962-1\nhttps://ubuntu.com/security/notices/USN-5970-1\nhttps://ubuntu.com/security/notices/USN-5975-1\nhttps://ubuntu.com/security/notices/USN-5979-1\nhttps://ubuntu.com/security/notices/USN-6000-1\nhttps://ubuntu.com/security/notices/USN-6007-1\nhttps://www.cve.org/CVERecord?id=CVE-2022-42328\nhttps://www.openwall.com/lists/oss-security/2022/12/06/2\nhttps://xenbits.xen.org/xsa/advisory-424.html\nhttps://xenbits.xenproject.org/xsa/advisory-424.txt\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.10/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-667",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}
GSD-2022-42328
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-42328",
"description": "Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).",
"id": "GSD-2022-42328",
"references": [
"https://advisories.mageia.org/CVE-2022-42328.html",
"https://www.suse.com/security/cve/CVE-2022-42328.html",
"https://ubuntu.com/security/CVE-2022-42328"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-42328"
],
"details": "Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).",
"id": "GSD-2022-42328",
"modified": "2023-12-13T01:19:11.011638Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-42328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-424"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All systems using the Linux kernel based network backend xen-netback\nare vulnerable."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329)."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious guest could cause Denial of Service (DoS) of the host via\nthe paravirtualized network interface."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xenproject.org/xsa/advisory-424.txt",
"refsource": "MISC",
"url": "https://xenbits.xenproject.org/xsa/advisory-424.txt"
},
{
"name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/3"
},
{
"name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/2"
},
{
"name": "[oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/12/09/2"
},
{
"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
},
{
"name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Using another PV network backend (e.g. the qemu based \"qnic\" backend)\nwill mitigate the problem.\n\nUsing a dedicated network driver domain per guest will mitigate the\nproblem."
}
]
}
}
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-42328"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xenproject.org/xsa/advisory-424.txt",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-424.txt"
},
{
"name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/3"
},
{
"name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/08/2"
},
{
"name": "[oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/09/2"
},
{
"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
},
{
"name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-01-10T19:40Z",
"publishedDate": "2022-12-07T01:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…